What is CVE-2026-57303?

CVE-2026-57303 is a high-severity vulnerability in Jenkins Project Assembla Plugin, classified under Server-Side Request Forgery (SSRF). CVSS score: 7.1/10. Published 2026-06-24.

How severe is CVE-2026-57303?

High severity. CVSS v3 base score is 7.1 out of 10.

SSRF in Jenkins Project Assembla Plugin

CVE-2026-57303

Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins…

Vulnerability class: SSRF (Server-Side Request Forgery)

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N.

Affected products

Jenkins Project Assembla Plugin — versions 0

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

jenkinsci-cert@googlegroups.com (vendor-advisory)

Frequently asked questions

What is CVE-2026-57303?: CVE-2026-57303 is a high-severity vulnerability in Jenkins Project Assembla Plugin, classified under Server-Side Request Forgery (SSRF). CVSS score: 7.1/10. Published 2026-06-24.
How severe is CVE-2026-57303?: High severity. CVSS v3 base score is 7.1 out of 10.