CVE-2026-14336 - Eclipse PIA OIDC Issuer Allowlist Bypass
CVE ID :CVE-2026-14336 Published : July 2, 2026, 8:29 a.m. | 2 hours, 44 minutes ago Description :PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check (issuer.startswith(' https://ci.eclipse.org ') in is_issuer_known, pia/models.py:139) instead of validating the...