Stored Cross-Site Scripting in Jenkins by CloudBees
CVE-2026-53441
5.4MEDIUM
What is CVE-2026-53441?
The Jenkins automation server, versions 2.483 to 2.567, including various LTS versions, has a stored cross-site scripting (XSS) vulnerability. This flaw occurs due to inadequate escaping of user-provided descriptions in the POST config.xml API. Attackers with Agent/Configure permission can exploit this vulnerability, potentially compromising the integrity and confidentiality of the system. It's essential for administrators to update to the latest versions and implement proper security measures to mitigate this risk.
Affected Version(s)
Jenkins 0
Jenkins 0 < 2.483
Jenkins 2.568