CVE-2026-27099

ADVISORY - github

Summary

Jenkins 2.483 through 2.550 (both inclusive) and LTS 2.492.1 through 2.541.1 (both inclusive) do not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or Agent/Disconnect permission.

EPSS Score: 0.00041 (0.125)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADVISORY - github

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADVISORY - redhat

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')


NIST

CREATED

UPDATED

EXPLOITABILITY SCORE

2.1

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

8 high

GitHub

CREATED

UPDATED

EXPLOITABILITY SCORE

2.1

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

8 high

Bitnami

CREATED

UPDATED

ADVISORY ID

BIT-jenkins-2026-27099

EXPLOITABILITY SCORE

2.1

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-

CVSS SCORE

8 high

Red Hat

CREATED

UPDATED

EXPLOITABILITY SCORE

2.1

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

4.6 medium