LOW
hekmon8
CVE published 2026-06-01
CVE-2026-10276
A server-side request forgery (SSRF) vulnerability exists in hekmon8 Jenkins-server-mcp version 0.1.0, specifically within the `jobPath` function in `src/index.ts`. The flaw affects the `get_build_status`, `get_build_log`, and `trigger_build` components. An attacker with low privileges can manipulate input to induce unauthorized outbound requests from the server. The vulnerability is remotely exploitable, [truncated]