Jenkins config.xml deserialization leading to impersonation, file read, and potential RCE
CVE-2026-53435 (Jenkins SECURITY-3707) is a deserialization vulnerability in Jenkins affecting weekly 2.567 and earlier and LTS 2.555.2 and earlier. Jenkins deserializes attacker-controlled XML submitted via config.xml endpoints using XStream, while allowing classes from Jenkins core and installed plugins under its deserialization filter model. In vulnerable versions, an attacker can cause Jenkins to deserialize arbitrary allowed types from Jenkins core or plugins into configuration object graphs in a way that leaves those objects reachable through Stapler HTTP routing afterward. The provided analysis describes exploitation by planting an unexpected Jenkins-core object such as hudson.Plugin$DummyImpl into a deserialized container like a ListView properties collection, then reaching that object over a routed URL. Because that object inherits HTTP-callable behavior, it can be abused to serve files from a file:/ base path on the controller. The vendor advisory states this can be used to impersonate any user and send HTTP requests on their behalf, including access to the Script Console for arbitrary code execution, and to read arbitrary files from the Jenkins controller.
Exploits
1 valid exploit after Mallory filtered fakes, detection scripts, and README-only repos.
The repository contains a working Python proof-of-concept for CVE-2026-53435 against Jenkins, plus a self-contained Docker lab for vulnerable and patched instances. The main exploit file, exploit_cve_2026_53435_v2.py, authenticates to Jenkins with HTTP Basic Auth, optionally retrieves a CSRF crumb from /crumbIssuer/api/json, verifies identity via /whoAmI/api/json, and submits crafted XML to either /createView?name=<name> or /view/<name>/config.xml. The XML injects a hudson.Plugin$DummyImpl object into a ListView <properties> DescribableList using a pre-patch type-enforcement weakness. The injected object embeds baseResourceURL=file:/, and the exploit then triggers Stapler routing with GET /view/<name>/properties/0/<requested path> to return arbitrary controller-local file contents such as /etc/passwd.
Exploit capability is authenticated arbitrary file read on the Jenkins controller. The README notes that broader impact such as impersonation and Script Console RCE exists conceptually, but those chains are intentionally withheld and are not implemented in the analyzed exploit. The repository is therefore a real exploit, not merely a detector, and its maturity is OPERATIONAL: it includes a concrete payload and end-to-end exploitation logic, but not a generalized framework.
Repository structure: README.md documents the vulnerability, affected/fixed versions, usage, and validation against vulnerable 2.555.2 versus patched 2.555.3. exploit_cve_2026_53435_v2.py is the primary entry point and the only active exploit code. The lab/ directory provides reproducible infrastructure: Dockerfile and docker-compose.yml spin up vulnerable Jenkins, patched Jenkins, and an OOB listener; init.groovy.d/01-setup.groovy provisions admin and lowpriv users with matrix-auth permissions; candidates.txt and lab/README.md describe additional lab-only discovery/canary workflows, but the scripts they reference are not present in this repository.
Overall, the repository's purpose is to demonstrate and reproduce authenticated Jenkins deserialization leading to arbitrary file read via malicious view configuration and routable core object injection.
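The vulnerability summary and the exploit analysis above describe the same persisted artefact: a Jenkins-core object planted into a ListView's properties list. The Python scanner below is an added example, not code from this page, from the analyzed repository or from Jenkins; it walks a controller config.xml and reports every view property entry whose class is not on an allowlist, so an unexpected core or plugin type in a view shows up as a finding. The sample XML, the allowlist entry and the <hudson><views> layout are assumptions made for the example.

```python
"""Scan a Jenkins controller config.xml for view <properties> entries of unexpected types.

Assumed (not from the page): views are serialised under <hudson><views>, and the allowlist
is a placeholder to populate from the ViewProperty classes your plugins actually provide."""
import xml.etree.ElementTree as ET

# Placeholder allowlist; the class name is hypothetical.
KNOWN_VIEW_PROPERTIES = {"org.example.HypotheticalViewProperty"}

# Constructed sample: one benign view, one carrying a planted core object.
SAMPLE_CONFIG_XML = """<hudson>
  <views>
    <hudson.model.ListView>
      <name>team-builds</name>
      <properties class="hudson.model.View$PropertyList"><org.example.HypotheticalViewProperty/></properties>
    </hudson.model.ListView>
    <hudson.model.ListView>
      <name>planted</name>
      <properties class="hudson.model.View$PropertyList">
        <hudson.Plugin_-DummyImpl>
          <baseResourceURL>file:/</baseResourceURL>
        </hudson.Plugin_-DummyImpl>
      </properties>
    </hudson.model.ListView>
  </views>
</hudson>"""


def decode_xstream_name(tag: str) -> str:
    """Undo XStream's XML-friendly encoding: '$' is written as '_-' and '_' as '__'."""
    return tag.replace("_-", "$").replace("__", "_")


def entry_class(elem: ET.Element) -> str:
    """Java class of a serialised entry: an explicit class="" attribute wins over the tag."""
    return elem.attrib.get("class") or decode_xstream_name(elem.tag)


def find_unexpected_view_properties(config_xml: str, allowlist=KNOWN_VIEW_PROPERTIES):
    """Return (view name, view class, entry class) for every properties entry not allowlisted."""
    findings = []
    for view in ET.fromstring(config_xml).findall("./views/*"):
        props = view.find("properties")
        for entry in (props if props is not None else []):
            cls = entry_class(entry)
            if cls not in allowlist:
                findings.append((view.findtext("name", "?"), entry_class(view), cls))
    return findings


if __name__ == "__main__":
    for name, view_cls, cls in find_unexpected_view_properties(SAMPLE_CONFIG_XML):
        print(f"view {name!r} ({view_cls}) carries unexpected property type {cls}")
```

Run it against $JENKINS_HOME/config.xml on the controller (or a backup of it); any finding is a view whose property list holds a type that no ViewProperty implementation accounts for and that deserves a look.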
Recent activity
18 sources tracked across advisories, community write-ups, and news.
A Jenkins deserialization vulnerability that allows an authenticated attacker to plant arbitrary Jenkins core/plugin types via config.xml and then reach them through Stapler routing, enabling impacts including arbitrary file read, user impersonation, and Script Console access/RCE.
A critical Jenkins remote code execution vulnerability caused by deserialization of attacker-controlled types via submitted config.xml, enabling impersonation of users, sending HTTP requests on their behalf, access to the Script Console, code execution, and reading sensitive files from the controller.
A Jenkins deserialization vulnerability that allows attackers to submit attacker-controlled config.xml data, deserialize arbitrary types, impersonate users, send HTTP requests on their behalf, execute arbitrary code via the Script Console, or read arbitrary files from the Jenkins controller.