CVE-2026-53440
CVE-2026-53440
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected products
Jenkins Project · JenkinsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →