BIT-jenkins-2026-27099
PUBLISHED
CVSS 8 HIGH
Jenkins 2.483 through 2.550 (both inclusive) and LTS 2.492.1 through 2.541.1 (both inclusive) do not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or Agent/Disconnect permission.
Risk Scores
CVSS 3.1: 8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | jenkins | 2.483.0, 2.542.0, 2.483.0 |
Exploit Intelligence
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- cve-2026-27099.sh (github-poc)
Timeline
- Feb 20, 2026 CVE Published
- Feb 22, 2026 CVE Updated