CVE-2026-53442EPSS p7.2%

CVE-2026-53442CVE-2026-53442

jenkins / jenkins

Description

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.

Scoring

CVSS 5.3 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS0.18% probability of exploitation · percentile 7.2% · 2026-06-19T12:03:05Z
Last modified2026-06-12

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-53435
CVE
CVE-2026-48926
CVE
CVE-2026-53438
CVE
CVE-2025-53652
CVE
CVE-2026-53439
CVE
CVE-2026-53441
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.