CVE-2026-53438
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have permission to view.
Risk Assessment
Attackers can cancel queued tasks, potentially disrupting system operations and causing loss of important processes.
Recommendation
It is recommended to upgrade to the latest version of Jenkins to mitigate this security vulnerability.
Original NVD description (English source)
A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have permission to view.

