Verified — Jenkins CLI arbitrary file read via @ argument expansion
Severity: CRITICAL
Confidence: HIGH
Reproduced in: 21m 31s
Tool calls: 73
Spend: $1.64
Affected: weekly <= 2.441; LTS <= 2.426.2
Fixed in: 2.442; 2.426.3; 2.440.1
Reproduce with either command:

    $ pruva-verify REPRO-2026-00200

or

    $ curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00200/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh

Run in a VM or disposable container. This exploits a real vulnerability.
Jenkins core CLI uses args4j’s expandAtFiles feature to replace arguments prefixed with @ with file contents. In Jenkins 2.441 and earlier (weekly) and 2.426.2 and earlier (LTS), this feature is enabled by default, allowing unauthenticated attackers to read the first few lines of arbitrary files and users with Overall/Read permission to read entire files. Leaked secrets can enable further compromise, including RCE.
The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.
Scripts, logs, diffs, and output captured during the reproduction.
    bundle/repro/runtime_manifest.json          0.9 KB
    bundle/repro/validation_verdict.json        0.7 KB
    bundle/ticket.json                          3.7 KB
    bundle/ticket.md                            3.3 KB
    bundle/logs/docker_vuln.log                 2.6 KB
    bundle/logs/docker_fixed.log                3.0 KB
    bundle/logs/whoami_fixed.out                0.1 KB
    bundle/logs/fixed_attempt2.log              0.0 KB
    bundle/logs/vuln_attempt2.log               2.3 KB
    bundle/logs/cli_fixed.out                   0.0 KB
    bundle/logs/fixed_passwd_ground_truth.txt   0.9 KB
    bundle/logs/cli_vuln.out                    2.3 KB
    bundle/logs/vuln_passwd_ground_truth.txt    0.9 KB
    bundle/logs/fixed_attempt1.log              0.0 KB
    bundle/logs/whoami_vuln.out                 0.1 KB
    bundle/logs/vuln_attempt1.log               2.3 KB
    bundle/logs/reproduction_steps.log          3.3 KB
    bundle/logs/cli_vuln_help.out               3.2 KB
    bundle/repro/reproduction_steps.sh         19.3 KB
    bundle/repro/rca_report.md                  5.9 KB