CVE-2026-53439
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names of other users' 'My Views'.
Risk Assessment
Attackers can gain access to sensitive information about user configurations, potentially leading to further attacks or privacy breaches.
Recommendation
It is recommended to upgrade to the latest version of Jenkins to eliminate the missing permission checks and minimize the risk associated with information disclosure.
Original NVD description (English source)
Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names of other users' "My Views".

