VuXML: jenkins -- multiple vulnerabilities

VuXML ID	35598415-56de-4562-959c-11fb1fd2d995
Discovery	2026-06-10
Entry	2026-06-17

Jenkins Security Advisory 2026-06-10:

SECURITY-3707 / CVE-2026-53435: Deserialization vulnerability (High)

SECURITY-3711+3755 / CVE-2026-53436, CVE-2026-53437: Open redirect vulnerability (Medium)

SECURITY-3712 / CVE-2026-53438: Missing permission check allows canceling queue items (Medium)

SECURITY-3713 / CVE-2026-53439: Missing permission checks allow obtaining limited user profile information (Medium)

SECURITY-3721 / CVE-2026-53440: Open redirect vulnerability in "Delegate to servlet container" security realm (Medium)

SECURITY-3731 / CVE-2026-53441: Stored XSS vulnerability in node offline cause description (High)

SECURITY-3744 / CVE-2026-53442: Plaintext secrets persisted and served by config.xml endpoints (Medium)

[source]

CVE Name	CVE-2026-53435
CVE Name	CVE-2026-53436
CVE Name	CVE-2026-53437
CVE Name	CVE-2026-53438
CVE Name	CVE-2026-53439
CVE Name	CVE-2026-53440
CVE Name	CVE-2026-53441
CVE Name	CVE-2026-53442
URL	https://www.jenkins.io/security/advisory/2026-06-10/

jenkins -- multiple vulnerabilities

Details

References