CVE-2026-53438

Summary

A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have permission to view.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins2.568 < *unaffected
Jenkins ProjectJenkins2.555.3 < 2.555.*unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References