PatchSiren cyber security CVE debrief
CVE-2026-53436 Jenkins Project CVE debrief
CVE-2026-53436 is a medium-severity open redirect (CWE-601) in Jenkins. After a successful login Jenkins sends the user on to a redirect URL supplied with the login request, and the affected versions fail to properly determine whether that URL contains relative path segments (`./` or `../`). An attacker can use a crafted login link to send the user to a site under the attacker's control once they sign in, which is what makes the issue usable for phishing. Affected versions are Jenkins weekly releases 2.567 and earlier and LTS releases 2.555.2 and earlier.
- Vendor: Jenkins Project
- Product: Jenkins
- CVSS: MEDIUM 4.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-11
Who should care
Administrators of Jenkins weekly 2.567 and earlier or LTS 2.555.2 and earlier, and the people who sign in to those instances. The attack is delivered as a crafted login link that a victim must follow, so any instance whose users can receive links from untrusted parties is exposed; since the remedy is an upgrade, the action falls on administrators.
Technical summary
The vulnerability carries a CVSS score of 4.3 (medium) and is classified as CWE-601, URL Redirection to Untrusted Site ("Open Redirect"). The affected versions do not check whether the URL used for the redirect after login contains relative path segments (`./` or `../`). A crafted login link can therefore deliver the user to an attacker-chosen destination immediately after they authenticate, and a convincing login page at that destination is the phishing scenario the advisory describes.
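The following Python validator is an added illustration of the class of check this CWE-601 issue calls for on a post-login redirect target; it is not Jenkins source code and not the fix shipped in 2.568 / LTS 2.555.3. It contrasts a check that only inspects the first characters of the target with one that rejects relative path segments, percent-encoded variants of them, and anything that names a scheme or host. The context path `/jenkins/` and the parameter name `next` are assumptions made for the example.

```python
"""
Illustrative post-login redirect validator (CWE-601 / open redirect).

Added example, not Jenkins code and not the vendor's fix. The context
path "/jenkins/" and the query parameter name "next" are assumptions.
"""
import posixpath
from typing import Optional
from urllib.parse import urlsplit, unquote

APP_ROOT = "/jenkins/"   # assumed context path of the instance


def naive_is_local(target: str) -> bool:
    """The kind of check that is NOT enough: it only looks at the first
    characters, so a target such as '/jenkins/../evil' slips through."""
    return target.startswith("/") and not target.startswith("//")


def is_safe_redirect(target: str, app_root: str = APP_ROOT) -> bool:
    """Return True only if `target` is an absolute-path reference that stays
    inside `app_root` and contains no relative path segments."""
    if not target:
        return False
    # CR/LF or other control characters could split the Location header;
    # backslashes are turned into '/' by some browsers ('/\\evil' -> '//evil').
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target) or "\\" in target:
        return False
    parts = urlsplit(target)
    # A scheme ('https:', 'javascript:') or an authority ('//evil.example')
    # means the target names something other than a path on this app.
    if parts.scheme or parts.netloc:
        return False
    if not target.startswith("/") or target.startswith("//"):
        return False
    # Decode percent-encoding once, as the server would, so that
    # '%2e%2e' is seen as '..' and '..%2f' as '../'.
    path = unquote(parts.path)
    # Reject '.' and '..' segments outright; this is the check the
    # affected versions are described as lacking.
    if any(seg in (".", "..") for seg in path.split("/")):
        return False
    # Defence in depth: after normalisation the path must still be at or
    # under the application root ('/jenkinsx/' must not pass as '/jenkins/').
    normalized = posixpath.normpath(path)
    return normalized == app_root.rstrip("/") or normalized.startswith(app_root)


def redirect_after_login(next_param: Optional[str], app_root: str = APP_ROOT) -> str:
    """Choose the post-login destination: the validated target, else the app root."""
    if next_param is not None and is_safe_redirect(next_param, app_root):
        return next_param
    return app_root


if __name__ == "__main__":
    # Constructed sample targets, not taken from any real request.
    samples = [
        "/jenkins/job/build-all/",
        "/jenkins/../evil",
        "/jenkins/./login",
        "/jenkins/%2e%2e/evil",
        "/jenkins/..%2f..%2fevil",
        "//evil.example/",
        "https://evil.example/",
        "/\\evil.example",
        "javascript:alert(1)",
        "/jenkinsx/",
    ]
    for t in samples:
        print(f"{t!r:32} naive={naive_is_local(t)!s:5} safe={is_safe_redirect(t)}")
```

Decoding exactly once mirrors what the server does with the path: a single-encoded `%2e%2e` becomes `..` and is rejected, while a double-encoded `%252e%252e` decodes to the literal segment `%2e%2e`, which no server resolves as a parent directory. The sample list doubles as a regression set for any login redirect handler: every entry except the first should fall back to the application root.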
Defensive priority
MEDIUM
Recommended defensive actions
- Update Jenkins to weekly 2.568 or later, or LTS 2.555.3 or later, on every instance, then confirm the running version (for example via Manage Jenkins > About, or the `X-Jenkins` response header the server returns).
- Consult the vendor advisory for the details of this fix: [ref-4](https://www.jenkins.io/security/advisory/2026-06-10/#SECURITY-3711+3755)
Evidence notes
The information on this page is taken from the CVE record and the NVD entry; the CISA KEV status above reflects only what those stored sources show.
Official resources
- CVE-2026-53436 CVE record (CVE.org)
- CVE-2026-53436 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory
The CVE record for CVE-2026-53436 was published on 2026-06-10T14:16:36.547Z and last modified on 2026-06-11T13:24:27.300Z.