CVE-2026-53437
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk28th percentile — higher than 28% of all known CVEs
Summary
A vulnerability in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains tab or newline characters between `//`, allowing attackers to perform phishing attacks.
Risk Assessment
The risk involves the possibility of redirecting users after login to a malicious site, potentially leading to theft of credentials or other sensitive information.
Recommendation
It is recommended to immediately upgrade Jenkins to version 2.568 or later, and for LTS versions to 2.555.3 or later, to eliminate the vulnerability.
Original NVD description (English source)
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains tab or newline characters between `//`, allowing attackers to perform phishing attacks.

