TeamPCP Backdoored a Security Scanner. Your Security Tools Are the Target.
The Checkmarx Jenkins plugin, installed to find vulnerabilities in your code, was itself compromised with an infostealer. CVE-2026-33634. CVSS 9.4. Every secret in your CI/CD pipeline was exfiltrated.
# Your security scanner just scanned itself. It failed.
This is the one that broke my brain a little.
The Checkmarx Jenkins AST plugin is a CI/CD integration that scans your code for vulnerabilities during the build process. Its job is literally to find security problems in your software before you ship it. Developers install it because they care about security.
On May 9, 2026, TeamPCP published version 2026.5.09 of this plugin to the Jenkins plugin repository, using credentials they'd harvested in a previous wave of their supply chain campaign.
The backdoored version carried an infostealer. The plugin that sits in your build pipeline to improve security was now stealing every secret your build pipeline touches.
CVE-2026-33634. CVSS 9.4.
# What the plugin had access to.
Jenkins plugins that run during the build process see everything. That's kind of the point. A security scanner needs to access your source code to scan it. But it also has access to:
- Cloud credentials injected as build environment variables (AWS keys, GCP service accounts, Azure secrets)
- Code-signing certificates and keys
- Container registry tokens (Docker Hub, ECR, GCR, ACR)
- npm/PyPI publish tokens (which is how TeamPCP publishes the next wave of backdoored packages)
- Database credentials used in integration tests
- API keys for services your CI/CD interacts with
- SSH keys used for deployment
The infostealer grabbed all of it. Everything. And exfiltrated it to TeamPCP's infrastructure, where it was triaged, validated, and used to stage the next round of attacks.
The security tool was the attack vector. The thing installed specifically to protect the pipeline was the thing that compromised it.
# This is TeamPCP's signature move.
Look at the pattern across their seven waves:
- Compromise a package or tool
- Harvest credentials from everyone who uses it
- Use those credentials to compromise the next package or tool
- Repeat
Each wave feeds the next. SAP packages gave them npm tokens. npm tokens gave them TanStack. TanStack gave them VS Code extension access. VS Code extensions gave them GitHub internal repos. Previous waves gave them the Checkmarx Jenkins credentials. Checkmarx gave them cloud and code-signing keys.
It's a worm. It feeds itself. And by targeting a security scanner, they're not just stealing credentials. They're undermining the trust model that the entire CI/CD ecosystem depends on. If you can't trust your security tools, what can you trust?
# What to do.
If you run the Checkmarx Jenkins AST plugin:
- Check your installed version immediately. If it's 2026.5.09, you were compromised. Upgrade to 2.0.13-848.v76e89de8a_053 or later.
- Rotate every secret that was accessible to your Jenkins environment. Cloud credentials, code-signing keys, registry tokens, database passwords, API keys, SSH keys. All of them. Assume they were exfiltrated.
- Audit your Jenkins logs for the period the bad version was installed. Look for unusual plugin behavior, unexpected outbound connections, or unusual secret access patterns.
- Verify your published artifacts. If the attacker had access to your code-signing keys, any software you published during that window could have been tampered with. Verify checksums and signatures.
For everyone using CI/CD plugins:
- Pin plugin versions. Don't auto-update CI/CD plugins. When a new version appears, verify it corresponds to a tagged release in the plugin's source repository. The backdoored Checkmarx version had no matching git tag.
- Use minimal-privilege credentials in CI/CD. Every secret injected into a build should have the minimum scope needed for that specific build step. Don't give your security scanner access to your deployment credentials. Don't give your test runner access to your production database.
- Monitor for unexpected plugin updates. If a Jenkins plugin updates to a version that doesn't match the vendor's release notes, that's a red flag. Set up alerting for plugin version changes.
- Verify plugin integrity. Jenkins supports plugin signature verification. Enable it. It won't catch every supply chain attack (the attacker had valid publishing credentials), but it raises the bar.
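The version check above and the "pin plugin versions / monitor for unexpected updates" advice come down to the same inventory comparison, so here is one added example that does both. It is not code from the article, Checkmarx or the Jenkins project. It assumes the plugin short name `checkmarx-ast-scanner` (a placeholder), assumes release tags equal version strings, and feeds in a constructed inventory shaped like the output of Jenkins' real `/pluginManager/api/json?depth=1` endpoint, compared against a pinned baseline in the `shortName:version` form that `jenkins-plugin-cli` reads.

```python
"""Audit a Jenkins plugin inventory against a pinned baseline, a known-bad
version list, and the plugin's release tags.

Added example; not code from the article, Checkmarx or the Jenkins project.
Assumptions: the plugin short name 'checkmarx-ast-scanner' is a placeholder,
release tags are assumed to equal version strings, and the inventory below is a
constructed sample shaped like the real /pluginManager/api/json?depth=1 output.
"""
import json

# Version the article reports as backdoored (key is the assumed plugin short name).
BAD_VERSIONS = {"checkmarx-ast-scanner": {"2026.5.09"}}

# Pinned baseline in the shortName:version form used by jenkins-plugin-cli.
PINNED_BASELINE = """\
checkmarx-ast-scanner:2.0.13-848.v76e89de8a_053
git:5.2.2
"""

# Constructed stand-in for the plugin repo's tag list (e.g. from `git ls-remote --tags`).
RELEASE_TAGS = {"checkmarx-ast-scanner": {"2.0.13-848.v76e89de8a_053"}}

# Constructed sample of what the Jenkins API returns; only the fields used here.
SAMPLE_INVENTORY = json.dumps({"plugins": [
    {"shortName": "checkmarx-ast-scanner", "version": "2026.5.09", "active": True},
    {"shortName": "git", "version": "5.2.2", "active": True},
    {"shortName": "credentials", "version": "1.0-constructed", "active": True},
]})


def parse_baseline(text):
    """Parse 'shortName:version' lines into a dict, ignoring blanks and comments."""
    pins = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, version = line.partition(":")
        pins[name] = version
    return pins


def audit_plugins(inventory_json, baseline_text, bad_versions, release_tags):
    """Return findings as sorted (shortName, version, issue) tuples.

    A plugin can raise several findings at once: the backdoored Checkmarx
    version is known-bad, drifts from the pin, and has no matching release tag.
    """
    pins = parse_baseline(baseline_text)
    findings = []
    for plugin in json.loads(inventory_json)["plugins"]:
        name, version = plugin["shortName"], plugin["version"]
        if version in bad_versions.get(name, ()):
            findings.append((name, version, "known-compromised-version"))
        if name not in pins:
            findings.append((name, version, "not-pinned"))
        elif pins[name] != version:
            findings.append((name, version, "drift-from-pin"))
        if name in release_tags and version not in release_tags[name]:
            findings.append((name, version, "no-matching-release-tag"))
    return sorted(findings)


def needs_secret_rotation(findings):
    """True if any installed plugin is a known-compromised version; every secret
    the controller and its agents could reach must then be treated as exfiltrated."""
    return any(issue == "known-compromised-version" for _, _, issue in findings)


if __name__ == "__main__":
    results = audit_plugins(SAMPLE_INVENTORY, PINNED_BASELINE, BAD_VERSIONS, RELEASE_TAGS)
    for name, version, issue in results:
        print(f"{issue:28} {name} {version}")
    print("rotate all CI secrets:", needs_secret_rotation(results))
```

Run against a real controller by replacing `SAMPLE_INVENTORY` with the JSON body of `/pluginManager/api/json?depth=1` and `RELEASE_TAGS` with the tag list from the plugin's source repository; the "no-matching-release-tag" finding is the check the article describes, since the backdoored version had no corresponding git tag, and "drift-from-pin" is the alert to wire into whatever watches the controller for plugin changes.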
# Further reading
- The Hacker News: Checkmarx Jenkins Compromise - incident details
- BleepingComputer: Official Package Compromised - investigation
- Checkmarx Security Update - vendor response
- Jenkins Plugin Security - plugin security best practices
- SLSA Framework - supply chain levels for software artifacts