What happened
Checkmarx disclosed over the weekend that a rogue version of its Jenkins Application Security Testing plugin was published to the Jenkins Marketplace on May 9, 2026, marking the third supply chain compromise the company has suffered since late March. The malicious version, numbered 2026.5.09, was uploaded outside the plugin’s official release pipeline, lacked a git tag and GitHub release, and did not follow the plugin’s standard date formatting scheme.
The compromise was claimed by TeamPCP, the threat group behind the broader Shai-Hulud supply chain attack campaigns. A company spokesperson confirmed to BleepingComputer that TeamPCP used credentials originally stolen during the Trivy vulnerability scanner breach in March to access Checkmarx’s GitHub repositories. A message left by the attackers in the plugin’s about section read: “Checkmarx fails to rotate secrets again. With love – TeamPCP.”
This access enabled TeamPCP to publish malicious versions of multiple developer tools across GitHub, Docker, and VSCode, including the KICS analysis tool compromised in April. The Jenkins AST plugin integrates security scanning directly into CI/CD pipelines, making it a particularly high-value target given its access to build environments, credentials, and secrets. Checkmarx has not detailed what the rogue Jenkins plugin does on installed systems but advised users to treat any installation of the malicious version as a full credential compromise. The safe version is 2.0.13-829.vc72453fa_1c16, published on December 17, 2025, or any earlier release. Checkmarx has published indicators of compromise and confirmed that GitHub repositories are isolated from customer production environments with no customer data stored there.
Who is affected
Organizations running the malicious Jenkins plugin version 2026.5.09 in their CI/CD pipelines should treat the environment as fully compromised. Given the Jenkins AST plugin’s role in automated build and deployment pipelines, any secrets, credentials, or tokens accessible to the pipeline on affected systems are at risk. Checkmarx has stated no customer production data was exposed through the GitHub repository compromise.
Why CISOs should care
TeamPCP has now used a single set of credentials stolen in March to compromise Checkmarx’s distribution infrastructure three separate times across a six-week period: KICS via Docker and VSCode extensions in April, the LAPSUS$ data leak, and now the Jenkins AST plugin. The taunt left in the plugin’s about section is a direct message that credentials from the original Trivy breach were never rotated, and each subsequent compromise exploited that same failure.
For security leaders, this sequence is a concrete illustration of how a single upstream credential theft can produce compounding supply chain compromises over an extended period if initial access is not fully contained. Security tools and plugins have privileged access to build environments by design, making them disproportionately dangerous as compromise vectors.
3 practical actions
1. Verify the Checkmarx Jenkins AST plugin version immediately and downgrade if the malicious version is installed: Confirm your environment is running version 2.0.13-829.vc72453fa_1c16 or earlier. If version 2026.5.09 is present, treat the Jenkins environment as fully compromised, rotate all secrets and credentials accessible to the pipeline, and investigate for lateral movement and persistence indicators using the IoCs published by Checkmarx.
2. Audit all Checkmarx-related artifacts across your Jenkins, Docker, and VSCode environments: The TeamPCP campaign targeted multiple Checkmarx distribution channels simultaneously. Verify the integrity of every Checkmarx tool in use against known-good versions and treat any artifact published between March and May 2026 as potentially compromised until verified.
3. Implement version pinning and release integrity verification for all security tool plugins in CI/CD pipelines: The malicious Jenkins plugin was identifiable by its anomalous version number format and absence of a git tag and GitHub release. Implement controls that enforce version pinning to verified releases, validate plugin signatures against official release artifacts, and alert on out-of-band version updates that bypass the expected release pipeline.
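The version check in the first action and the anomalous-version alerting in the third can be scripted against a Jenkins controller's plugins directory. The following is an added example, not code from Checkmarx or the Jenkins project. It reads the `META-INF/MANIFEST.MF` inside each installed `.jpi`/`.hpi` archive (the standard Jenkins plugin packaging, where `Short-Name` and `Plugin-Version` are recorded), then classifies the Checkmarx plugin's version as the known malicious release, a release at or before the safe version named above, a newer release that needs out-of-band confirmation, or a version whose format does not match the plugin's normal scheme. The plugin short name `checkmarx-ast-scanner` is an assumption and should be confirmed against your own plugin list; the year-like-major-version heuristic is this example's own rule, derived from the advisory's note that 2026.5.09 broke the plugin's usual format. The sample plugin archives it builds for the demo are constructed in-memory and contain only a manifest.

```python
import os
import re
import sys
import tempfile
import zipfile

# Versions named in the Checkmarx advisory summarised above.
MALICIOUS_VERSION = "2026.5.09"
KNOWN_GOOD_VERSION = "2.0.13-829.vc72453fa_1c16"
# ASSUMPTION: the plugin id (Short-Name) for the Checkmarx AST Jenkins plugin.
PLUGIN_SHORT_NAME = "checkmarx-ast-scanner"

# Release formats the plugin is expected to use: plain x.y(.z) or the
# Jenkins incrementals style x.y.z-NNN.v<hash>, as in the known-good version.
RELEASE_FORMAT = re.compile(r"^\d+\.\d+(\.\d+)?(-\d+\.v[0-9a-f_]+)?$")


def parse_manifest(text):
    """Parse a JAR MANIFEST.MF into a dict. A line starting with a single
    space continues the previous value (manifests wrap at 72 bytes)."""
    entries, last_key = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" ") and last_key is not None:
            entries[last_key] += raw[1:]
            continue
        key, sep, value = raw.partition(":")
        if not sep:
            continue
        last_key = key.strip()
        entries[last_key] = value.strip()
    return entries


def version_key(version):
    """Numeric components used for ordering, build number included:
    '2.0.13-829.vc72453fa_1c16' -> (2, 0, 13, 829)."""
    return tuple(int(n) for n in re.findall(r"\d+", version.split(".v")[0]))


def classify_version(version):
    """Verdict for one installed version of the Checkmarx plugin."""
    if version == MALICIOUS_VERSION:
        return "MALICIOUS"
    if not RELEASE_FORMAT.match(version):
        return "ANOMALOUS_FORMAT"
    key = version_key(version)
    # Heuristic (this example's own): a year-like leading component is not
    # how this plugin numbers releases, so treat it as an out-of-band upload.
    if key and key[0] >= 2000:
        return "ANOMALOUS_FORMAT"
    if key <= version_key(KNOWN_GOOD_VERSION):
        return "KNOWN_GOOD_OR_EARLIER"
    # Newer than the last verified release: confirm a git tag and GitHub
    # release exist before trusting it.
    return "NEWER_THAN_KNOWN_GOOD"


def read_plugin_manifest(archive_path):
    with zipfile.ZipFile(archive_path) as zf:
        return parse_manifest(zf.read("META-INF/MANIFEST.MF").decode("utf-8"))


def scan_plugins_dir(plugins_dir):
    """Return {short_name: (version, verdict)} for the Checkmarx plugin found
    among the .jpi/.hpi archives in a Jenkins plugins directory."""
    findings = {}
    for name in sorted(os.listdir(plugins_dir)):
        if not name.endswith((".jpi", ".hpi")):
            continue
        manifest = read_plugin_manifest(os.path.join(plugins_dir, name))
        short_name = manifest.get("Short-Name", name.rsplit(".", 1)[0])
        if short_name == PLUGIN_SHORT_NAME:
            version = manifest.get("Plugin-Version", "")
            findings[short_name] = (version, classify_version(version))
    return findings


def write_sample_plugin(plugins_dir, short_name, version):
    """Write a constructed minimal .jpi (a zip holding only a manifest)."""
    manifest = (
        "Manifest-Version: 1.0\r\n"
        f"Short-Name: {short_name}\r\n"
        f"Plugin-Version: {version}\r\n"
        "Long-Name: constructed sample plugin for demonstration\r\n\r\n"
    )
    path = os.path.join(plugins_dir, f"{short_name}.jpi")
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
    return path


def run_demo():
    """Classify four constructed installs; returns {label: verdict}."""
    scenarios = {
        "rogue": MALICIOUS_VERSION,
        "safe": KNOWN_GOOD_VERSION,
        "older": "2.0.12",
        "unexpected": "2.0.14-900.v0123456789ab",
    }
    results = {}
    for label, version in scenarios.items():
        with tempfile.TemporaryDirectory() as plugins_dir:
            write_sample_plugin(plugins_dir, PLUGIN_SHORT_NAME, version)
            results[label] = scan_plugins_dir(plugins_dir)[PLUGIN_SHORT_NAME][1]
    return results


if __name__ == "__main__":
    # Pass a real $JENKINS_HOME/plugins path to scan it; otherwise run the demo.
    if len(sys.argv) > 1:
        for name, (ver, verdict) in scan_plugins_dir(sys.argv[1]).items():
            print(f"{name} {ver}: {verdict}")
    else:
        for label, verdict in run_demo().items():
            print(f"{label}: {verdict}")
```

Run it as `python check_cx_plugin.py /var/lib/jenkins/plugins` on a controller; anything other than `KNOWN_GOOD_OR_EARLIER` should block the pipeline until the release is matched to an official git tag and GitHub release. The same classification can be wired into a scheduled job so an out-of-band upload raises an alert rather than being discovered by reading an advisory.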
Also in the news today:
- TrickMo Android Banker Adopts TON Blockchain for Covert Command-and-Control
- New GhostLock Tool Abuses Windows API to Block File Access
- OpenAI Launches Daybreak Initiative to Automate Vulnerability Detection and Remediation
- Texas Sues Netflix Over Alleged Unauthorized Data Collection and Sharing
- UK Water Company Fined After Hackers Lurked Undetected for Nearly Two Years
- OpenLoop Health Data Breach Confirmed at 716,000 Individuals
- Instructure Pays Ransom to Resolve Canvas Data Breach Affecting 275 Million Users
