CVE-2026-53440 · EPSS p14.7%

jenkins / jenkins

Description

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain.

Scoring

CVSS: 4.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS: 0.24% probability of exploitation · percentile 14.7% · 2026-06-19T12:03:05Z
Last modified: 2026-06-12

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-53436
CVE-2026-53437
CVE-2025-24398
CVE-2026-53435
CVE-2026-48916
CVE-2026-53442
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.