What is the severity of CVE-2026-42522?

CVE-2026-42522 has a CVSS v3 score of 4.3, which is classified as Medium severity.

Is there an exploit available for CVE-2026-42522?

No known public exploits are currently available for CVE-2026-42522.

Is there a patch available for CVE-2026-42522?

Yes, patches are available for CVE-2026-42522. Check the vendor advisories for update instructions.

CVE-2026-42522 - CVE Details, Severity, and Analysis

Q: What is CVE-2026-42522?

Jenkins GitHub Branch Source Plugin versions 1967.vdea_d580c1a_b_a_ and earlier do not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials. GitHub Branch Source Plugin 1967.1969.v205fd594c821 requires Overall/Manage permission to perform the connection test.

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

CVE-2026-42522 - CVE Details, Severity, and Analysis | Strobes VI

Trend Analysis

Neutral

Vulnerable Products

Vendor	Product
Jenkins	GitHub Branch Source

Advisories

GitHub Advisory

NVD: A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials.