Phishing Vulnerability in Jenkins from CloudBees
CVE-2026-53436
4.3MEDIUM
What is CVE-2026-53436?
A security feature in Jenkins fails to properly validate redirect URLs after user login, permitting malicious actors to redirect users to illegitimate sites using relative path segments (like ./ or ../). This vulnerability exposes users to potential phishing attacks, jeopardizing sensitive information and organizational security.
Affected Version(s)
Jenkins 2.568
Jenkins 2.568
Jenkins 2.555.3 < 2.555.*