Stored Cross-Site Scripting in Jenkins by CloudBees
CVE-2026-53441

5.4MEDIUM

Key Information:

Vendor

Jenkins

Status
Vendor
CVE Published:
10 June 2026

What is CVE-2026-53441?

The Jenkins automation server, versions 2.483 to 2.567, including various LTS versions, has a stored cross-site scripting (XSS) vulnerability. This flaw occurs due to inadequate escaping of user-provided descriptions in the POST config.xml API. Attackers with Agent/Configure permission can exploit this vulnerability, potentially compromising the integrity and confidentiality of the system. It's essential for administrators to update to the latest versions and implement proper security measures to mitigate this risk.

Affected Version(s)

Jenkins 0

Jenkins 0 < 2.483

Jenkins 2.568

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.