diff --git a/Jenkins/CVE-2018-1000861/README.md b/Jenkins/CVE-2018-1000861/README.md new file mode 100644 index 0000000..099fafc --- /dev/null +++ b/Jenkins/CVE-2018-1000861/README.md @@ -0,0 +1,11 @@ +# CVE-2018-1000861 Jenkins Remote Code Execution Vulnerability + +A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way. + +Affected version: 2.153 and earlier, LTS 2.138.3 and earlier + +FOFA query rule: app="Jenkins" + +# Demo + +![](jenkins_CVE-2018-1000861.gif) \ No newline at end of file diff --git a/Jenkins/CVE-2018-1000861/jenkins_CVE-2018-1000861.gif b/Jenkins/CVE-2018-1000861/jenkins_CVE-2018-1000861.gif new file mode 100644 index 0000000..5ec9d36 Binary files /dev/null and b/Jenkins/CVE-2018-1000861/jenkins_CVE-2018-1000861.gif differ
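Review bot: The new README.md gives the affected range ("2.153 and earlier, LTS 2.138.3 and earlier") but no fixed release, no mitigation and no link to the vendor advisory, so a reader who confirms exposure has nothing to act on. Add a remediation line after "Affected version" that cites the advisory. Also add a note that the FOFA rule `app="Jenkins"` matches every Jenkins instance regardless of version, so results need a version check before they are treated as affected. Minor: the demo image has empty alt text (`![](jenkins_CVE-2018-1000861.gif)`), and the file has no trailing newline.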