CVE Catalog

CVE-2026-53440

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

9th percentile — higher than 9% of all known CVEs

Summary

Jenkins versions 2.567 and earlier, LTS 2.555.2 and earlier do not validate the safety of the 'from' parameter in the 'Delegate to servlet container' security realm, allowing attackers to perform phishing attacks by redirecting users to attacker-controlled domains.

Risk Assessment

The organization is vulnerable to phishing attacks that may lead to the theft of user login credentials and other sensitive information.

Recommendation

It is recommended to update Jenkins to the latest version to ensure proper validation of redirect parameters after login.

Original NVD description (English source)

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS