Stored XSS Vulnerability in Jenkins Affecting Multiple Versions
CVE-2026-27099
8 HIGH
What is CVE-2026-27099?
A stored cross-site scripting (XSS) vulnerability exists in Jenkins versions 2.483 to 2.550 and LTS versions 2.492.1 to 2.541.1. The flaw is due to improper escaping of user-provided input in the 'Mark temporarily offline' cause description. Attackers with Agent/Configure or Agent/Disconnect permissions can exploit this vulnerability to execute malicious scripts, potentially compromising user sessions and sensitive data.

Affected Version(s)
Jenkins 0
Jenkins 0 < 2.483
Jenkins 2.551
CVSS V3.1
Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved