CVE-2026-57300 Overview
CVE-2026-57300 is a missing authorization vulnerability [CWE-862] affecting the Jenkins MCP Server Plugin version 0.177.v629fdb_2557fe and earlier. The plugin fails to perform a permission check when handling requests for Pipeline replay scripts. Attackers with Item/Read permission can read the Pipeline replay scripts of jobs they can access, exposing potentially sensitive build logic and secrets embedded in pipeline definitions.
The issue was published on June 24, 2026, through Jenkins Security Advisory SECURITY-3759. Exploitation requires authenticated access with low privileges and can be performed over the network without user interaction.
Critical Impact
Authenticated users with Item/Read permission can disclose Pipeline replay script contents, potentially exposing proprietary build logic, internal infrastructure details, and credentials referenced in pipeline code.
Affected Products
- Jenkins MCP Server Plugin 0.177.v629fdb_2557fe
- Jenkins MCP Server Plugin versions earlier than 0.177.v629fdb_2557fe
- Jenkins controllers running any vulnerable release of the MCP Server Plugin
Discovery Timeline
- 2026-06-24 - Jenkins publishes Security Advisory SECURITY-3759
- 2026-06-24 - CVE-2026-57300 published to NVD
- 2026-06-25 - Last updated in NVD database
Technical Details for CVE-2026-57300
Vulnerability Analysis
The Jenkins MCP Server Plugin exposes endpoints that surface Pipeline replay scripts to clients. Pipeline replay scripts contain the Groovy source used to define and rerun a build, often including parameter handling, credential references, and internal service URLs.
The vulnerable plugin does not verify that the requesting user has the Item/Configure or Replay permission before returning these scripts. It only checks that the user can read the job. As a result, any authenticated principal with Item/Read on a target job can retrieve the underlying pipeline source through the plugin.
This is a confidentiality issue with no integrity or availability impact. However, leaked pipeline source often becomes the staging point for follow-on attacks against connected systems, credentials stores, and source code management platforms.
Root Cause
The root cause is a missing authorization check [CWE-862]. Functions that expose Pipeline replay content rely on read-level access control instead of the stricter permission set that the Jenkins core uses for the standard Replay feature. The plugin trusts that Item/Read is a sufficient gate, breaking the principle of least privilege.
Attack Vector
An attacker authenticates to Jenkins with any account holding Item/Read on a target job. They then issue a request through the MCP Server Plugin asking for the Pipeline replay script of that job. The plugin returns the script without validating that the caller has permission to view or modify pipeline definitions. No social engineering, chained exploit, or special tooling is required.
No public exploit code or proof-of-concept has been published for this issue. The vulnerability mechanism is described in the Jenkins advisory referenced above.
Detection Methods for CVE-2026-57300
Indicators of Compromise
- Requests routed through MCP Server Plugin endpoints that return Pipeline replay script content to non-administrative accounts.
- Unusual read activity from low-privilege Jenkins accounts targeting multiple jobs in rapid succession.
- Access log entries showing Item/Read users retrieving content normally limited to users with Replay or Item/Configure.
Detection Strategies
- Review Jenkins access logs for MCP Server Plugin request paths and correlate with the requesting user's effective permission set.
- Alert on any successful response containing Groovy pipeline source delivered to accounts that lack Item/Configure or Replay.
- Compare the plugin version reported by /manage/pluginManager against the fixed release noted in SECURITY-3759.
Monitoring Recommendations
- Forward Jenkins controller logs to a centralized logging or SIEM platform and retain authentication and authorization events.
- Track installed plugin inventory across all Jenkins controllers and flag deployments still running 0.177.v629fdb_2557fe or earlier.
- Monitor outbound calls from Jenkins agents that occur shortly after unexpected pipeline read events, which may indicate follow-on credential abuse.
How to Mitigate CVE-2026-57300
Immediate Actions Required
- Inventory all Jenkins controllers and identify those running the MCP Server Plugin at version 0.177.v629fdb_2557fe or earlier.
- Upgrade the MCP Server Plugin to the fixed release listed in Jenkins Security Advisory SECURITY-3759.
- Review which users hold Item/Read on sensitive jobs and remove access where it is not required.
- Rotate credentials, tokens, and secrets that may have been visible in Pipeline replay scripts on affected controllers.
Patch Information
Apply the plugin update referenced in Jenkins Security Advisory SECURITY-3759. The fixed version enforces the correct permission check before returning Pipeline replay script content. Restart the Jenkins controller after upgrading and verify the new plugin version through the Manage Plugins interface.
Workarounds
- Disable the Jenkins MCP Server Plugin on controllers where it is not actively used until the patched version is deployed.
- Restrict Item/Read on jobs containing sensitive pipeline logic to a minimal set of trusted users.
- Move secrets out of inline pipeline code and into the Jenkins Credentials store, referenced through withCredentials blocks, to reduce exposure if scripts are disclosed.
# Check installed plugin version on a Jenkins controller via CLI
java -jar jenkins-cli.jar -s https://jenkins.example.com/ \
-auth admin:$JENKINS_TOKEN \
list-plugins | grep -i mcp-server
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

