CVE Catalog

CVE-2026-53436

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

8th percentile — higher than 8% of all known CVEs

Summary

Jenkins versions 2.567 and earlier, LTS 2.555.2 and earlier improperly determine that a redirect URL after login legitimately points to Jenkins when it contains relative path segments (`./` or `../`), allowing attackers to perform phishing attacks.

Risk Assessment

Organizations may become targets of phishing attacks, potentially leading to the theft of user login credentials and other sensitive information.

Recommendation

It is recommended to update Jenkins to the latest version to eliminate this vulnerability and implement additional security measures to protect against phishing attacks.

Original NVD description (English source)

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative path segments (`./` or `../`), allowing attackers to perform phishing attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS