CVE-2026-53441

Source
https://cve.org/CVERecord?id=CVE-2026-53441
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53441.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53441
Aliases
Downstream
Related
Published
2026-06-10T14:16:37.087Z
Modified
2026-07-15T06:10:07.923626Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could be set through the POST config.xml API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.

References

Affected packages

Git / github.com/jenkinsci/jenkins

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/jenkins
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*",
        "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "2.483"
        },
        {
            "fixed": "2.568"
        },
        {
            "introduced": "2.492.1"
        },
        {
            "fixed": "2.555.3"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

jenkins-2.*
jenkins-2.483
jenkins-2.484
jenkins-2.485
jenkins-2.486
jenkins-2.487
jenkins-2.488
jenkins-2.489
jenkins-2.490
jenkins-2.491
jenkins-2.492
jenkins-2.493
jenkins-2.494
jenkins-2.495
jenkins-2.496
jenkins-2.497
jenkins-2.498
jenkins-2.499
jenkins-2.500
jenkins-2.501
jenkins-2.502
jenkins-2.503
jenkins-2.504
jenkins-2.505
jenkins-2.506
jenkins-2.507
jenkins-2.508
jenkins-2.509
jenkins-2.510
jenkins-2.511
jenkins-2.512
jenkins-2.513
jenkins-2.514
jenkins-2.515
jenkins-2.516
jenkins-2.517
jenkins-2.518
jenkins-2.519
jenkins-2.520
jenkins-2.521
jenkins-2.522
jenkins-2.523
jenkins-2.524
jenkins-2.525
jenkins-2.526
jenkins-2.527
jenkins-2.528
jenkins-2.529
jenkins-2.530
jenkins-2.531
jenkins-2.532
jenkins-2.533
jenkins-2.534
jenkins-2.535
jenkins-2.536
jenkins-2.537
jenkins-2.538
jenkins-2.539
jenkins-2.540
jenkins-2.541
jenkins-2.542
jenkins-2.543
jenkins-2.544
jenkins-2.545
jenkins-2.546
jenkins-2.547
jenkins-2.548
jenkins-2.549
jenkins-2.550
jenkins-2.551
jenkins-2.552
jenkins-2.553
jenkins-2.554
jenkins-2.555
jenkins-2.555.1
jenkins-2.555.1-rc
jenkins-2.555.2
jenkins-2.555.2-rc
jenkins-2.555.2-rc-2
jenkins-2.555.3-rc
jenkins-2.555.3-rc-2
jenkins-2.556
jenkins-2.557
jenkins-2.558
jenkins-2.559
jenkins-2.560
jenkins-2.561
jenkins-2.562
jenkins-2.563
jenkins-2.564
jenkins-2.565
jenkins-2.566
jenkins-2.567

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53441.json"