CVE-2026-53440

Currently unrated

Key Information:

Vendor: Jenkins
Status: Jenkins
Vendor: CVE Published:; 10 June 2026

What is CVE-2026-53440?

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain.

Affected Version(s)

Jenkins 2.568

Jenkins 2.555.3 < 2.555.*

References

https://www.jenkins.io/security/advisory/2026-06-10/#SECU...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-53440 Data

JSON