Vulnerability in Jenkins Project Loadninja Plugin
CVE-2026-33003
Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file…
EPSS: 0.000 (12.3th percentile) — read the EPSS interpretation.
Affected products
- Jenkins Project Loadninja Plugin — versions 0
References
- Jenkins Security Advisory 2026-03-18 (vendor-advisory)