CVE

CVE-2026-27099

Jenkins has a stored XSS vulnerability in node offline cause description

CVE

CVE-2026-27099

Jenkins has a stored XSS vulnerability in node offline cause description

Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or Agent/Disconnect permission.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Related Resources

No items found.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-27099, https://github.com/jenkinsci/jenkins/commit/578c028e2cdfdc9e124d0ca389a80bb2bd231ab2, https://github.com/jenkinsci/jenkins, https://github.com/jenkinsci/jenkins/releases/tag/jenkins-2.541.2, https://github.com/jenkinsci/jenkins/releases/tag/jenkins-2.551, https://www.jenkins.io/security/advisory/2026-02-18/#SECURITY-3669

Severity

8

CVSS Score

Basic Information

Ecosystem

Base CVSS

EPSS Probability

0.00059%

EPSS Percentile

0.18186%

Introduced Version

2.542,2.483,0

Fix Available

2.551,2.541.2,2.516.3-r4,2.528.3-r3,2.541.2-r0

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2026-27099

CVE-2026-27099

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

8

Basic Information

Fix Critical Vulnerabilities Instantly