CVE-2026-27099 — Vulnetix

CVE-2026-27099 PUBLISHED

Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or Agent/Disconnect permission.

EPSS 0.07% · 22.2th percentile

Risk Scores

EPSS Score

0.07%

22.2th percentile

Affected Products

Vendor	Product	Versions
Bitnami	jenkins	2.483.0, 2.542.0
Bitnami	jenkins	2.483.0, 2.542.0

Timeline

Feb 18, 2026 CVE Published
Feb 18, 2026 PoC Published
Feb 18, 2026 PoC Published
Feb 18, 2026 PoC Published
Feb 19, 2026 EPSS Score
Feb 20, 2026 PoC Published
Feb 20, 2026 PoC Published
Feb 21, 2026 EPSS Score
Feb 21, 2026 PoC Published
Feb 22, 2026 EPSS Score
Feb 24, 2026 EPSS Score
Feb 25, 2026 CVE Updated

References

https://nvd.nist.gov/vuln/detail/CVE-2026-27099 url
https://www.jenkins.io/security/advisory/2026-02-18/#SECURITY-3669 url

Open in Interactive Console →