VYPR
High severity · NVD Advisory · Published Feb 18, 2026 · Updated Feb 18, 2026

CVE-2026-27099

Description

Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or Agent/Disconnect permission.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| org.jenkins-ci.main:jenkins-core (Maven) | >= 2.542, < 2.551 | 2.551 |
| org.jenkins-ci.main:jenkins-core (Maven) | >= 2.483, < 2.541.2 | 2.541.2 |
