CVE-2026-48920

CVE-2026-48920

Name

CVE-2026-48920

Description

Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as `base64` in email content by setting the `data-inline` attribute, without restrictions on the image URLs that can be inlined, allowing attackers able to control the email content to specify `file:` URLs for images to read arbitrary files from the Jenkins controller filesystem.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
jenkinsci-cert@googlegroups.com	https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3705

Type

URI

jenkinsci-cert@googlegroups.com

https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3705

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:jenkins:email_extension::::::jenkins::*`	jenkins	>= None	<= 1925.v1598902b_58dd
`cpe:2.3:a:jenkins:email_extension:1933.v45cec755423f:::::jenkins::`	jenkins	== None	== 1933.v45cec755423f

CPE URI

Source package

Min version

Max version

cpe:2.3:a:jenkins:email_extension:*:*:*:*:*:jenkins:*:*

jenkins

>= None

<= 1925.v1598902b_58dd

cpe:2.3:a:jenkins:email_extension:1933.v45cec755423f:*:*:*:*:jenkins:*:*

jenkins

== None

== 1933.v45cec755423f

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
jenkins	edge-community	2.555.1-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
jenkins	edge-community	2.541.3-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
jenkins	edge-community	2.541.2-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
jenkins	edge-community	2.541.1-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
jenkins	edge-community	2.528.3-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
jenkins	edge-community	2.516.1-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
jenkins	edge-community	2.479.1-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
jenkins	edge-community	2.479.1-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
jenkins	edge-community	2.361.2-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
jenkins	edge-community	2.346.2-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
jenkins	edge-community	2.346.2-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
jenkins	edge-community	2.332.4-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
jenkins	edge-community	2.332.3-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
jenkins	edge-community	2.332.2-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
jenkins	edge-community	2.332.1-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
jenkins	edge-community	2.319.3-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
jenkins	edge-community	2.319.2-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
jenkins	edge-community	2.287-r0	None	possibly vulnerable
jenkins	edge-community	2.275-r0	None	possibly vulnerable
jenkins	edge-community	2.245-r0	None	possibly vulnerable
jenkins	edge-community	2.228-r0	None	possibly vulnerable
jenkins	3.23-community	2.541.2-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
jenkins	3.23-community	2.516.1-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages