CVE-2026-27099

Source
https://cve.org/CVERecord?id=CVE-2026-27099
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27099.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-27099
Published
2026-02-18T15:18:43.857Z
Modified
2026-02-25T13:44:03.415935Z
Severity
  • 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

Jenkins 2.483 through 2.550 (both inclusive) and LTS 2.492.1 through 2.541.1 (both inclusive) do not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or Agent/Disconnect permission.

Affected packages

Git / github.com/jenkinsci/jenkins

Affected versions

jenkins-2.*
jenkins-2.483
jenkins-2.484
jenkins-2.485
jenkins-2.486
jenkins-2.487
jenkins-2.488
jenkins-2.489
jenkins-2.490
jenkins-2.491
jenkins-2.492
jenkins-2.493
jenkins-2.494
jenkins-2.495
jenkins-2.496
jenkins-2.497
jenkins-2.498
jenkins-2.499
jenkins-2.500
jenkins-2.501
jenkins-2.502
jenkins-2.503
jenkins-2.504
jenkins-2.505
jenkins-2.506
jenkins-2.507
jenkins-2.508
jenkins-2.509
jenkins-2.510
jenkins-2.511
jenkins-2.512
jenkins-2.513
jenkins-2.514
jenkins-2.515
jenkins-2.516
jenkins-2.517
jenkins-2.518
jenkins-2.519
jenkins-2.520
jenkins-2.521
jenkins-2.522
jenkins-2.523
jenkins-2.524
jenkins-2.525
jenkins-2.526
jenkins-2.527
jenkins-2.528
jenkins-2.529
jenkins-2.530
jenkins-2.531
jenkins-2.532
jenkins-2.533
jenkins-2.534
jenkins-2.535
jenkins-2.536
jenkins-2.537
jenkins-2.538
jenkins-2.539
jenkins-2.540
jenkins-2.541
jenkins-2.541.1
jenkins-2.541.1-rc
jenkins-2.541.2-rc
jenkins-2.542
jenkins-2.543
jenkins-2.544
jenkins-2.545
jenkins-2.546
jenkins-2.547
jenkins-2.548
jenkins-2.549
jenkins-2.550

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27099.json"