A critical deserialization vulnerability in Jenkins is now being actively exploited by threat actors, with honeypot telemetry confirming live attack attempts as of the early hours of June 15, 2026. CVE-2026-53435 is a deserialization vulnerability affecting Jenkins 2.567 and earlier, and Jenkins LTS 2.555.2 and earlier, Defused said. The flaw resides in how Jenkins handles config.xml submissions […]
The post Critical Jenkins RCE Vulnerability Under Active Exploitation in the Wild appeared first on Cyber Security News.