CVE Catalog

CVE-2026-53438

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

8th percentile — higher than 8% of all known CVEs

Summary

A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have permission to view.

Risk Assessment

Attackers can cancel queued tasks, potentially disrupting system operations and causing loss of important processes.

Recommendation

It is recommended to upgrade to the latest version of Jenkins to mitigate this security vulnerability.

Original NVD description (English source)

A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have permission to view.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS