CVE-2026-53442
MEDIUMDescription
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.
Is your site exposed to CVE-2026-53442?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| jenkins | jenkins |
| jenkins | jenkins |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-53442? +
How severe is CVE-2026-53442? +
What products are affected by CVE-2026-53442? +
How do I check if I'm vulnerable to CVE-2026-53442? +
Related Vulnerabilities
Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue affects JetPort 5601v3: through 1.2.
The Temporal api-go library prior to version 1.44.1 did not send `update response` information to Data Converter when the proxy …
Sensitive customer information is stored in the device without encryption.
Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT …
Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to …
ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the …