๐Ÿ” CVE Alert

CVE-2026-53436

MEDIUM 4.3
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative path segments (`./` or `../`), allowing attackers to perform phishing attacks.

Vendor jenkins project
Product jenkins
Ecosystems
Industries
Technology
Published Jun 10, 2026
Last Updated Jun 10, 2026
Stay Ahead of the Next One

Get instant alerts for jenkins project jenkins

Be the first to know when new medium vulnerabilities affecting jenkins project jenkins are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Jenkins Project / Jenkins
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
jenkins.io: https://www.jenkins.io/security/advisory/2026-06-10/#SECURITY-3711+3755