VDB
CVE-2026-27100
CVE-2026-27100
PUBLISHED
Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds, and if a specified build exists, its display name.
EPSS 0.35% · 58.1th percentile
Risk Scores
EPSS Score
0.35%
58.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | jenkins | 2.483.0, 2.542.0 |
| Bitnami | jenkins | 2.483.0, 2.542.0 |
Exploit Intelligence
- CIRCL seen: CVE-2026-27100 (circl-sighting)
- CIRCL seen: CVE-2026-27100 (circl-sighting)
- CIRCL seen: CVE-2026-27100 (circl-sighting)
- Jenkins Security Advisory 2026-02-18 (circl)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
…and 6 more exploits
Timeline
- Feb 18, 2026 CVE Published
- Feb 19, 2026 EPSS Score
- Feb 20, 2026 PoC Published
- Feb 20, 2026 PoC Published
- Feb 21, 2026 EPSS Score
- Feb 21, 2026 PoC Published
- Feb 22, 2026 EPSS Score
- Feb 24, 2026 EPSS Score
- Feb 25, 2026 CVE Updated
- Feb 26, 2026 EPSS Score
- Feb 28, 2026 EPSS Score
- Mar 1, 2026 EPSS Score