JustAppSec
UNKNOWN Severity

CVE-2026-27099

Last updated Feb 18, 2026 · Published Feb 18, 2026

← Back to list

Description

Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or Agent/Disconnect permission.

Affected products

1 listed
  • Jenkins Project:Jenkins

Mappings

CWE

None listed.

CAPEC

None listed.

CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms