CVE-2026-53438NVD

Vulnerability Summary

A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have permission to view.

Severity Level

MEDIUM(4.3)

Published Date

Jun 10, 2026

Last Modified

Jun 10, 2026

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-862: Missing Authorization ↗

The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeUnchanged

ConfidentialityNone

IntegrityLow

AvailabilityNone

External References

https://www.jenkins.io/security/advisory/2026-06-10/#SECURITY-3712