Jenkins CVE-2026-53435: config.xml Deserialization RCE Exploited Five Days After Disclosure
CVE-2026-53435 (CVSS 9.0) is an unsafe-deserialization RCE in Jenkins' config.xml handling. It was disclosed June 10, and a public PoC is now driving in-the-wild exploitation against internet-exposed CI/CD servers. Patch to weekly 2.568 or LTS 2.555.3.