Vulnerability Details CVE-2026-57297
A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, API key, and service key.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 4.3%
CVSS Severity