Critical Jenkins Security Advisory 2026: Patch Multiple Flaws

A new Jenkins security advisory released in 2026 reports several high-impact issues affecting Jenkins, including remote code execution and data exposure via deserialization (CVE-2026-53435) and additional open redirect and XSS-related weaknesses (CVE-2026-53436, CVE-2026-53437, CVE-2026-53441). The advisory also addresses missing authorization checks and information leakage that can let attackers disrupt job queues, view sensitive user data, and extract plaintext secrets from POST config.xml submissions (CVE-2026-53438, CVE-2026-53439, CVE-2026-53442). Because these flaws can be exploited against CI/CD deployments, Jenkins administrators should apply the published patches immediately—upgrading to version 2.568 for weekly releases or 2.555.3 for LTS.