Unknown CVE-2026-53440 Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled...

#Sicherheitslücke #Phishing #Cloud

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

[Unknown] CVE-2026-53440 – Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "fro...

VERWANDTEARTIKEL

Hackers Use Tax Phishing Emails to Deploy In-Memory Malware on Windows Systems

OpenClaw AI Agent Leaks Sensitive Credentials in New Phishing Attack Simulation

CVE-2026-49759 - Stack buffer overflow in SCTP error cause parsing in inet_drv allows remote VM crash

CVE-2026-46558 - Plane: Cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces

CVE-2026-45569 - Roxy-WI: Path-traversal patch in commit d4d10006 is a no-op (tuple-membership bug)

CVE-2026-45565 - Roxy-WI: EscapedString validator skips its '..' block when stripping (root cause for several path-traversal/RCE vectors)