CVE-2026-53440
CVSS 3.1 base score: 4.3 (MEDIUM)
Description
Jenkins 2.567 and earlier, and LTS 2.555.2 and earlier, do not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain.
How to fix CVE-2026-53440
To remediate CVE-2026-53440, upgrade the affected package to one of the fixed versions listed below.
- Bitnami/jenkins: upgrade to 2.568.0 or later
Is CVE-2026-53440 being exploited?
No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2026-53440.
Affected packages (1)
- Bitnami/jenkins: all versions from 0 up to, but not including, 2.568.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (4.3) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |