Blog categories
Weekly newsletter
No spam. Just the latest releases and tips, interesting articles, and exclusive interviews in your inbox every week.
Latest from the blog
Inside CVE-2026-53435: Authenticated Deserialization to Full Controller Takeover in Jenkins via config.xml
Posted on: 17 Jun 2026 | Author: Foresiet
How a low-privileged account turns an XML configuration upload into arbitrary file read, user impersonation, and remote code execution — and how to detect and stop it.
Published 16 June 2026 · Fact-checked against the official project advisory and government vulnerability databases.
FOR EDUCATIONAL AND DEFENSIVE PURPOSES ONLY. This Blog explains a publicly disclosed and patched vulnerability so defenders can assess exposure, detect abuse, and remediate. It contains no weaponized exploit code.
At a Glance
Field | Detail |
CVE identifier | CVE-2026-53435 |
Project advisory ID | SECURITY-3707 (Jenkins project security advisory, 10 June 2026) |
Vulnerability class | CWE-502 — Deserialization of Untrusted Data |
CVSS v3.1 base score | 8.8 (High) — AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H |
Affected versions | Jenkins weekly up to and including 2.567; Jenkins LTS up to and including 2.555.2 |
Fixed versions | Jenkins weekly 2.568; Jenkins LTS 2.555.3 |
Privileges required | Authenticated. Overall/Read plus the ability to POST a config.xml (for example View/Configure, Item/Configure, or Agent/Configure) |
User interaction | None |
Attack vector | Network (HTTP/HTTPS to the Jenkins controller) |
Primary impact | Arbitrary file read, impersonation of any user, and Script Console remote code execution — i.e., full controller compromise |
Exploitation status | Public proof-of-concept for the file-read path is available; opportunistic scanning and exploitation attempts have been reported |
Note on scoring: the authoritative score recorded in the national vulnerability database is 8.8 (High). Some early third-party trackers quoted 9.0; this article uses the government-database value. Operationally the bug should be treated as critical because it leads to controller takeover.
1. Why This Vulnerability Matters
Jenkins is one of the most widely deployed automation servers in the world. It sits at the centre of continuous integration and continuous delivery (CI/CD): it holds source-code access tokens, cloud credentials, signing keys, and the logic that builds and ships software to production. A Jenkins controller is therefore not just another web application — it is a high-value pivot into an organisation’s entire software supply chain.
CVE-2026-53435 is a deserialization flaw in the Jenkins core. It allows an attacker who already holds a low-privileged, authenticated account to force the controller to rebuild attacker-chosen Java objects from an uploaded config.xml. Those objects are then used to handle subsequent web requests. The result is a chain that escalates from “I can edit a view” to “I can read any file on the controller, act as any administrator, and run arbitrary code.”
The official project advisory summarises the core issue plainly: in the affected versions, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins core or plugins from an attacker-controlled config.xml submission, and then use those objects to handle HTTP requests. From there an attacker can impersonate any user and send HTTP requests on their behalf — up to and including use of the Script Console to run arbitrary code — and can read arbitrary files from the controller.
2. Background: config.xml, XStream, and the Object Graph
To understand the bug, you first need to understand how Jenkins stores and accepts configuration.
2.1 Everything is a serialized object
Jenkins represents almost every configurable thing — jobs (items), views, agents (nodes), and their nested properties — as Java objects. It persists those objects to disk as XML using the XStream library. Each job has a config.xml; each view and agent has its own configuration document as well. When Jenkins boots or reads configuration, XStream deserializes that XML back into live Java objects.
Container types such as DescribableList hold collections of pluggable, user-describable components (the “properties” you see in the UI). This design is what makes Jenkins so extensible — and it is also what makes the deserialization surface so broad, because a configuration document can legitimately reference a very large set of core and plugin classes.
2.2 The config.xml endpoints accept POST
Jenkins exposes REST-style endpoints that let users read and write configuration as XML directly, bypassing the HTML forms. Typical shapes include:
GET /job/<name>/config.xml # read a job’s configuration POST /job/<name>/config.xml # replace a job’s configuration GET /view/<name>/config.xml # read a view’s configuration POST /view/<name>/config.xml # replace a view’s configuration POST /computer/<name>/config.xml # replace an agent’s configuration |
When a user POSTs an XML body to one of these endpoints, Jenkins hands it to XStream and rebuilds the object graph. That is the moment untrusted input becomes live objects — the textbook precondition for a deserialization vulnerability.
3. Root Cause Analysis: CWE-502 and the ClassFilter Gap
Java deserialization has a long, painful history. Around 2017 the Jenkins project introduced JEP-200, which replaced the platform’s permissive object stream with a ClassFilter allow-list. The intent was to ensure that only an approved set of classes could ever be deserialized, neutralising the classic “gadget chain” attacks that abuse arbitrary library classes during object reconstruction.
CVE-2026-53435 is interesting precisely because it does not rely on a classic external gadget chain. The problem here is narrower and more subtle:
– The allowed types were too broad for this code path. The config.xml handling allowed deserialization of arbitrary types defined in Jenkins core or in installed plugins. These are legitimate Jenkins classes that the ClassFilter does not block — so JEP-200 never trips.
– Some of those legitimate objects are web-routable. Jenkins uses the Stapler framework, which maps URLs onto Java objects and their methods reflectively. If a deserialized object becomes part of the live graph, it can become reachable over HTTP and can influence how later requests are handled.
– The endpoint’s permission model was insufficient. The affected path did not enforce a strong enough check for what an attacker could place and then reach. The fix adds an explicit Item/Read permission check on the endpoint, in addition to restricting the deserialized types.
In short: this is CWE-502 (Deserialization of Untrusted Data) where the danger is not a memory-corruption gadget but the insertion of an attacker-controlled, web-routable object into a trusted server’s request-handling graph. The official weakness definition captures the general risk: when a product deserializes untrusted data without sufficiently verifying it, attackers can manipulate object state, instantiate unintended objects, and ultimately reach code execution or privilege escalation.
Scope note: the official advisory describes the class of bug (arbitrary type deserialization from config.xml leading to request handling, file read, impersonation, and Script Console RCE). The specific class names and resource-base technique in Section 4 reflect the publicly demonstrated file-read path rather than verbatim advisory text, and are included to explain the mechanism for defenders.
4. The Exploit Chain, Step by Step
4.1 Preconditions
The attacker needs an authenticated account with Overall/Read and the ability to POST a configuration document — for example View/Configure or Item/Configure. In many real deployments these permissions are handed out generously to developers, contractors, or broad authenticated roles, which is exactly why a “low privilege” requirement is not reassuring.
4.2 Crafting the malicious config.xml
The attacker submits a view (or item) configuration whose properties contain a deserialized object that is both (a) accepted by the ClassFilter because it is a core/plugin type, and (b) able to serve static content. The publicly demonstrated file-read path points such an object’s resource base at the local filesystem with a file:/ URL. Conceptually, the uploaded document looks like this (generalised — the exact abused class is omitted on purpose):
POST /view/Demo/config.xml Content-Type: application/xml
<hudson.model.ListView> <name>Demo</name> <properties> <!– A core/plugin object that (1) passes the JEP-200 –> <!– ClassFilter and (2) exposes a static-resource –> <!– base. Its resource base is set to the local FS: –> <someRoutableProperty> <baseResourceURL>file:/</baseResourceURL> </someRoutableProperty> </properties> </hudson.model.ListView> |
4.3 From upload to arbitrary file read
Once the object is in the live graph, Stapler will route requests under the view’s URL to it. Because its resource base now points at file:/, requesting a path beneath the view causes the controller to read and return files straight off its own filesystem:
GET /view/Demo/<static-resource-path>/etc/passwd -> 200 OK, body = contents of /etc/passwd
GET /view/Demo/<static-resource-path>/var/lib/jenkins/secrets/master.key -> 200 OK, body = the controller’s master encryption key |
The file-read primitive alone is severe. The Jenkins home directory holds credentials.xml, the secrets/ directory, master.key, and per-job secrets. With master.key and the hudson.util.Secret key material, an attacker can decrypt stored credentials offline — cloud keys, registry tokens, SSH keys, and more.
4.4 From file read to impersonation and RCE
The same deserialization primitive lets the attacker have Jenkins handle HTTP requests as another user. By impersonating an administrator, the attacker can reach administrative endpoints — most importantly the Script Console at /script (and /scriptText), which executes Groovy with the full privileges of the controller JVM. At that point the compromise is total. A defender validating exploitation or patch status would run a benign command such as:
// Script Console (/script) runs Groovy as the controller process. // Benign confirmation used by defenders (no system changes): println Jenkins.instance.getVersion() println ‘id’.execute().text |
The Groovy above is intentionally harmless (it prints the version and the process identity). It is shown only to illustrate that Script Console access equals code execution on the controller.
5. Figure 1 — End-to-End Attack Flow
The diagram below is a plain-text, monochrome representation of the chain described above. Read it top to bottom.
Figure 1. Attack flow from a malicious config.xml submission to file read, impersonation, and Script Console remote code execution.
6. MITRE ATT&CK Mapping
This breach underscores the critical need for robust cybersecurity measures, particularly around third-party software. Key takeaways for organizations include:
- Swift Patch Management: Timely application of updates is essential to protect against exploits, especially in commonly used applications like MOVEit.
- Continuous Threat Monitoring: Organizations must monitor for emerging threats and act quickly when vulnerabilities are discovered.
- Employee Security Training: Ongoing training for employees is crucial to help them recognize potential phishing attempts resulting from exposed personal data.
- Enhanced Cloud Security: Given the use of open cloud storage by cybercriminals, securing cloud environments is a growing priority for data protection.
Organizations can proactively identify and respond to cyber risks through effective Threat Monitoring, helping reduce the impact of potential security incidents.
7. Impact Analysis
Because the controller is the trust anchor of the build pipeline, a single successful chain has cascading consequences:
– Secret theft. Stored credentials (cloud providers, container registries, SCM tokens, SSH keys) can be read and decrypted, enabling lateral movement well beyond Jenkins.
– Source and IP exposure. Checked-out repositories, build scripts, and environment files on the controller and workspaces become readable.
– Build and artifact poisoning. With code execution, an attacker can alter build steps, inject backdoors into produced binaries, or tamper with deployment jobs — a classic software-supply-chain attack.
– Lateral movement to agents and cloud. The controller orchestrates build agents and frequently holds cloud roles; compromise often extends into connected environments.
– Destruction and disruption. Code execution permits deletion or encryption of jobs, artifacts, and history, harming availability and recovery.
8. Detection and Threat Hunting
Even without a patch window, defenders can hunt for the behavioural signature of this chain. Focus on the access log, the audit trail, and the controller process.
8.1 What to look for
– config.xml POSTs from unusual accounts. Alert on POST requests to …/config.xml (view, job, or computer) from users who do not normally edit configuration, or from service/automation accounts.
– file: or filesystem paths inside view/item configuration. Hunt stored configuration and request bodies for file:/ resource bases or unexpected property objects in views.
– Anomalous static-resource requests under a view. Requests that walk into sensitive paths (for example /etc, secrets, master.key) beneath a view URL are a strong signal.
– Script Console use by non-administrators. Any access to /script or /scriptText by accounts that are not expected administrators warrants immediate review.
– Process-level signals. Unexpected child processes spawned by the Jenkins JVM (for example a shell), or unusual outbound connections, indicate post-exploitation activity.
8.2 Example access-log triage
The exact log format depends on your reverse proxy or the Jenkins access log, but the conceptual filter is straightforward:
# Pseudocode for log triage (adapt to your SIEM): WHERE http_method == “POST” AND url MATCHES “/(view|job|computer)/.*/config\\.xml$” AND user NOT IN (known_config_editors)
# Then correlate the same user/session with: # – GET requests under that view that reach sensitive file paths # – any subsequent access to /script or /scriptText |
9. Figure 2 — Disclosure and Exploitation Timeline
10 Jun 2026 Advisory published (SECURITY-3707 / CVE-2026-53435). Fixes shipped the same day: weekly 2.568, LTS 2.555.3.
Within days Public proof-of-concept for the file-read path appears.
Mid-June 2026 Opportunistic scanning and exploitation attempts reported against internet-exposed, unpatched controllers.
16 Jun 2026 Status at time of writing: patched releases available; organisations urged to update and audit immediately. |
Figure 2. Timeline of CVE-2026-53435 disclosure and early exploitation activity, June 2026.
10. Indicators and Hunting Artifacts
This is a configuration- and behaviour-driven vulnerability rather than a malware family, so the most useful indicators are artifacts and behaviours, not static network signatures. Treat the items below as hunting leads.
Category | Indicator / artifact to hunt |
Affected versions | Jenkins weekly ≤ 2.567; LTS ≤ 2.555.2 |
Fixed versions | Jenkins weekly 2.568; LTS 2.555.3 |
Delivery | POST to /view/, /job/, or /computer/ config.xml by an account that does not normally edit configuration |
Malicious config content | Unexpected property objects in a view/item, especially a file: resource base (e.g. baseResourceURL set to file:/) |
File-read attempts | Static-resource requests beneath a view URL that reach /etc, the Jenkins home, secrets/, or master.key |
Privilege abuse | Access to /script or /scriptText by non-administrator accounts; admin actions from a low-privilege session |
Post-exploitation | Jenkins JVM spawning shells/unexpected child processes; anomalous outbound connections from the controller |
11. Mitigation and Hardening
11.1 Patch first
Upgrade to Jenkins weekly 2.568 or LTS 2.555.3 (or later). The fix restricts the types that the affected path will deserialize to an expected set and adds an Item/Read permission check on the endpoint. Patching is the only complete fix.
11.2 Reduce who can submit configuration
– Limit View/Configure, Item/Configure, and Agent/Configure to a small, trusted set of administrators.
– Audit your authorization strategy for over-broad grants to authenticated or anonymous-equivalent roles.
– Remove or downgrade dormant accounts and unused API tokens that could provide the required foothold.
11.3 Shrink the exposure
– Do not expose the Jenkins controller directly to the internet. Place it behind a VPN or an authenticating gateway with IP allow-listing.
– Keep CSRF protection enabled and ensure the reverse proxy forwards and logs the authenticated identity.
– Maintain plugin hygiene: every installed plugin widens the set of deserializable types, so remove what you do not use and keep the rest updated.
11.4 If you suspect prior exploitation
– Review access and audit logs for the indicators in Section 10, going back to before the patch date.
– Assume stored secrets are compromised: rotate credentials, API tokens, SSH keys, and the controller’s secrets, and review downstream systems those secrets reach.
– Inspect recent changes to jobs, views, and build steps for tampering; compare against version control where configuration-as-code is used.
– Rebuild the controller from a known-good state if integrity cannot be assured.
To stay informed about emerging cyber risks and attack trends, Read Our Threat Reports for the latest insights and expert analysis.
Conclusion
A single deserialization gap converted an ordinary configuration feature into a path from a low-privileged login to complete controller compromise. The mechanics are not exotic — untrusted XML becomes live, web-routable objects — but the blast radius is large because of where Jenkins sits in the software lifecycle. With patched releases available and public exploit code circulating, the response is unambiguous: update to the June 2026 releases now, tighten who can submit configuration, take the controller off the public internet, and hunt the logs for the behaviours described above. In a CI/CD platform, time-to-patch is time-to-contain.
About us!
Foresiet is the pioneering force in digital security solutions, offering the first integrated Digital Risk Protection SaaS platform. With 24x7x365 dark web monitoring and proactive threat intelligence, Foresiet safeguards against data breaches and intellectual property theft. Our robust suite includes brand protection, takedown services, and supply chain assessment, enhancing your organization’s defense mechanisms. Attack surface management is a key component of our approach, ensuring comprehensive protection across all vulnerable points. Compliance is assured through adherence to ISO27001, NIST, GDPR, PCI, SOX, HIPAA, SAMA, CITC, and Third Party regulations. Additionally, our advanced antiphishing shield provides unparalleled protection against malicious emails. Trust Foresiet to empower your organization to navigate the digital landscape securely and confidently.
Latest
From the blog
The latest industry news, interviews, technologies, and resources.