CVE-2026-53440

Summary

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins2.568 < *unaffected
Jenkins ProjectJenkins2.555.3 < 2.555.*unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References