Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Jenkins Reliance on Reverse DNS Resolution for a Security-Critical Action Vulnerability (CVE-2026-33002) - Vulnerability Database

Jenkins Reliance on Reverse DNS Resolution for a Security-Critical Action Vulnerability (CVE-2026-33002)

Description

Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (both inclusive) performs origin validation of requests made through the CLI WebSocket endpoint by computing the expected origin for comparison using the Host or X-Forwarded-Host HTTP request headers, making it vulnerable to DNS rebinding attacks that allow bypassing origin validation.

References

CVE-2026-33002

Related Vulnerabilities

OpenSSL CVE-2021-4160 Vulnerability (CVE-2021-4160) Medium
Common tags: Missing Update Known Vulnerabilities
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1148) Medium
Common tags: Missing Update Known Vulnerabilities
SharePoint Improper Input Validation Vulnerability (CVE-2020-1025) Critical
Common tags: Missing Update Known Vulnerabilities
SharePoint NULL Pointer Dereference Vulnerability (CVE-2020-1069) High
Common tags: Missing Update Known Vulnerabilities
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1099) Medium
Common tags: Missing Update Known Vulnerabilities

Severity

High

Classification

CVE-2026-33002
CWE-350
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update
Known Vulnerabilities