It appears as though there is a discrepancy between the Jenkins Security Advisory: Jenkins Security Advisory 2024-01-24 and the CVE listing in NVD - CVE-2024-23897 (nist.gov)
NVD NIST shows that versions 2.441 and earlier or 2.426.2 or earlier are vulnerable. While the Jenkins security advisory has those two, but a callout that 2.440.1 is safe. This is a pretty major discrepancy and should be corrected in one of the two areas so that the community can be aware of which version they need to update to.