Permission Check Flaw in Jenkins by CloudBees
CVE-2026-53438
4.3MEDIUM
What is CVE-2026-53438?
A critical flaw in Jenkins, specifically in versions 2.567 and earlier, as well as in LTS versions 2.555.2 and earlier, allows attackers with Item/Cancel permissions to cancel queued items without having Item/Read permissions. This lack of a necessary permission check opens up the potential for unauthorized manipulation of item queues, which could lead to significant disruptions in CI/CD workflows.
Affected Version(s)
Jenkins 2.568
Jenkins 2.568
Jenkins 2.555.3 < 2.555.*