Missing Encryption of Sensitive Data in Jenkins and Jenkins LTS - CVE-2026-53442
Published: June 22, 2026
Jenkins
Jenkins LTS
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the affected application does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files. A remote attacker can gain access to sensitive information on the system.