cvedb.io
CVE-2026-53440
MEDIUM · CVSS 4.3
EPSS exploitation probability: 0%
Published 2026-06-10T14:16:36.990 · Last modified 2026-06-17T10:57:55.630

Summary

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain.

Affected products

jenkins — jenkins

Does this affect you?

Add your gear to cvedb and we'll alert you only when jenkins ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.