CVE-2026-53435

Name of the Vulnerable Software and Affected Versions Jenkins versions prior to 2.568 Jenkins LTS versions prior to 2.555.3

Description An issue exists where the software deserializes arbitrary types defined in the core or plugins from an attacker-controlled config.xml submission. This allows attackers to handle HTTP requests, impersonate any user, and send requests on their behalf. This can lead to the execution of arbitrary code via the Script Console or the reading of arbitrary files from the Jenkins controller.

Recommendations Update to version 2.568 or later. Update to LTS version 2.555.3 or later.