Vulnerability Details CVE-2026-27099
Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or Agent/Disconnect permission.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.5%
CVSS Severity
CVSS v3 Score 8.0
Products affected by CVE-2026-27099
-
cpe:2.3:a:jenkins:jenkins:2.483
-
cpe:2.3:a:jenkins:jenkins:2.484
-
cpe:2.3:a:jenkins:jenkins:2.485
-
cpe:2.3:a:jenkins:jenkins:2.486
-
cpe:2.3:a:jenkins:jenkins:2.487
-
cpe:2.3:a:jenkins:jenkins:2.488
-
cpe:2.3:a:jenkins:jenkins:2.489
-
cpe:2.3:a:jenkins:jenkins:2.490
-
cpe:2.3:a:jenkins:jenkins:2.491
-
cpe:2.3:a:jenkins:jenkins:2.492
-
cpe:2.3:a:jenkins:jenkins:2.492.1
-
cpe:2.3:a:jenkins:jenkins:2.492.2
-
cpe:2.3:a:jenkins:jenkins:2.492.3
-
cpe:2.3:a:jenkins:jenkins:2.493
-
cpe:2.3:a:jenkins:jenkins:2.494
-
cpe:2.3:a:jenkins:jenkins:2.495
-
cpe:2.3:a:jenkins:jenkins:2.496
-
cpe:2.3:a:jenkins:jenkins:2.497
-
cpe:2.3:a:jenkins:jenkins:2.498
-
cpe:2.3:a:jenkins:jenkins:2.499
-
cpe:2.3:a:jenkins:jenkins:2.500
-
cpe:2.3:a:jenkins:jenkins:2.501
-
cpe:2.3:a:jenkins:jenkins:2.502
-
cpe:2.3:a:jenkins:jenkins:2.503
-
cpe:2.3:a:jenkins:jenkins:2.504
-
cpe:2.3:a:jenkins:jenkins:2.504.1
-
cpe:2.3:a:jenkins:jenkins:2.504.2
-
cpe:2.3:a:jenkins:jenkins:2.504.3
-
cpe:2.3:a:jenkins:jenkins:2.505
-
cpe:2.3:a:jenkins:jenkins:2.506
-
cpe:2.3:a:jenkins:jenkins:2.507
-
cpe:2.3:a:jenkins:jenkins:2.508
-
cpe:2.3:a:jenkins:jenkins:2.509
-
cpe:2.3:a:jenkins:jenkins:2.510
-
cpe:2.3:a:jenkins:jenkins:2.511
-
cpe:2.3:a:jenkins:jenkins:2.512
-
cpe:2.3:a:jenkins:jenkins:2.513
-
cpe:2.3:a:jenkins:jenkins:2.514
-
cpe:2.3:a:jenkins:jenkins:2.515
-
cpe:2.3:a:jenkins:jenkins:2.516
-
cpe:2.3:a:jenkins:jenkins:2.516.1
-
cpe:2.3:a:jenkins:jenkins:2.516.2
-
cpe:2.3:a:jenkins:jenkins:2.516.3
-
cpe:2.3:a:jenkins:jenkins:2.517
-
cpe:2.3:a:jenkins:jenkins:2.518
-
cpe:2.3:a:jenkins:jenkins:2.519
-
cpe:2.3:a:jenkins:jenkins:2.520
-
cpe:2.3:a:jenkins:jenkins:2.521
-
cpe:2.3:a:jenkins:jenkins:2.522
-
cpe:2.3:a:jenkins:jenkins:2.523
-
cpe:2.3:a:jenkins:jenkins:2.524
-
cpe:2.3:a:jenkins:jenkins:2.525
-
cpe:2.3:a:jenkins:jenkins:2.526
-
cpe:2.3:a:jenkins:jenkins:2.527
-
cpe:2.3:a:jenkins:jenkins:2.528
-
cpe:2.3:a:jenkins:jenkins:2.528.1
-
cpe:2.3:a:jenkins:jenkins:2.528.2
-
cpe:2.3:a:jenkins:jenkins:2.528.3
-
cpe:2.3:a:jenkins:jenkins:2.529
-
cpe:2.3:a:jenkins:jenkins:2.530
-
cpe:2.3:a:jenkins:jenkins:2.531
-
cpe:2.3:a:jenkins:jenkins:2.532
-
cpe:2.3:a:jenkins:jenkins:2.533
-
cpe:2.3:a:jenkins:jenkins:2.534
-
cpe:2.3:a:jenkins:jenkins:2.535
-
cpe:2.3:a:jenkins:jenkins:2.536
-
cpe:2.3:a:jenkins:jenkins:2.537
-
cpe:2.3:a:jenkins:jenkins:2.538
-
cpe:2.3:a:jenkins:jenkins:2.539
-
cpe:2.3:a:jenkins:jenkins:2.540
-
cpe:2.3:a:jenkins:jenkins:2.541
-
cpe:2.3:a:jenkins:jenkins:2.541.1
-
cpe:2.3:a:jenkins:jenkins:2.542
-
cpe:2.3:a:jenkins:jenkins:2.543
-
cpe:2.3:a:jenkins:jenkins:2.544
-
cpe:2.3:a:jenkins:jenkins:2.545
-
cpe:2.3:a:jenkins:jenkins:2.546
-
cpe:2.3:a:jenkins:jenkins:2.547
-
cpe:2.3:a:jenkins:jenkins:2.548
-
cpe:2.3:a:jenkins:jenkins:2.549
-
cpe:2.3:a:jenkins:jenkins:2.550