CVE Catalog

CVE-2026-53437

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

28th percentile — higher than 28% of all known CVEs

Summary

A vulnerability in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains tab or newline characters between `//`, allowing attackers to perform phishing attacks.

Risk Assessment

The risk involves the possibility of redirecting users after login to a malicious site, potentially leading to theft of credentials or other sensitive information.

Recommendation

It is recommended to immediately upgrade Jenkins to version 2.568 or later, and for LTS versions to 2.555.3 or later, to eliminate the vulnerability.

Original NVD description (English source)

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains tab or newline characters between `//`, allowing attackers to perform phishing attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS