Open redirect in Jenkins and Jenkins LTS - CVE-2026-53440
Published: June 22, 2026
Jenkins
Jenkins LTS
Detailed vulnerability description
The vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to the affected application does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.