Vulnerability Details CVE-2026-53441
Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could be set through the `POST config.xml` API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 10.3%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2026-53441
-
cpe:2.3:a:jenkins:jenkins:2.483
-
cpe:2.3:a:jenkins:jenkins:2.484
-
cpe:2.3:a:jenkins:jenkins:2.485
-
cpe:2.3:a:jenkins:jenkins:2.486
-
cpe:2.3:a:jenkins:jenkins:2.487
-
cpe:2.3:a:jenkins:jenkins:2.488
-
cpe:2.3:a:jenkins:jenkins:2.489
-
cpe:2.3:a:jenkins:jenkins:2.490
-
cpe:2.3:a:jenkins:jenkins:2.491
-
cpe:2.3:a:jenkins:jenkins:2.492
-
cpe:2.3:a:jenkins:jenkins:2.492.1
-
cpe:2.3:a:jenkins:jenkins:2.492.2
-
cpe:2.3:a:jenkins:jenkins:2.492.3
-
cpe:2.3:a:jenkins:jenkins:2.493
-
cpe:2.3:a:jenkins:jenkins:2.494
-
cpe:2.3:a:jenkins:jenkins:2.495
-
cpe:2.3:a:jenkins:jenkins:2.496
-
cpe:2.3:a:jenkins:jenkins:2.497
-
cpe:2.3:a:jenkins:jenkins:2.498
-
cpe:2.3:a:jenkins:jenkins:2.499
-
cpe:2.3:a:jenkins:jenkins:2.500
-
cpe:2.3:a:jenkins:jenkins:2.501
-
cpe:2.3:a:jenkins:jenkins:2.502
-
cpe:2.3:a:jenkins:jenkins:2.503
-
cpe:2.3:a:jenkins:jenkins:2.504
-
cpe:2.3:a:jenkins:jenkins:2.504.1
-
cpe:2.3:a:jenkins:jenkins:2.504.2
-
cpe:2.3:a:jenkins:jenkins:2.504.3
-
cpe:2.3:a:jenkins:jenkins:2.505
-
cpe:2.3:a:jenkins:jenkins:2.506
-
cpe:2.3:a:jenkins:jenkins:2.507
-
cpe:2.3:a:jenkins:jenkins:2.508
-
cpe:2.3:a:jenkins:jenkins:2.509
-
cpe:2.3:a:jenkins:jenkins:2.510
-
cpe:2.3:a:jenkins:jenkins:2.511
-
cpe:2.3:a:jenkins:jenkins:2.512
-
cpe:2.3:a:jenkins:jenkins:2.513
-
cpe:2.3:a:jenkins:jenkins:2.514
-
cpe:2.3:a:jenkins:jenkins:2.515
-
cpe:2.3:a:jenkins:jenkins:2.516
-
cpe:2.3:a:jenkins:jenkins:2.516.1
-
cpe:2.3:a:jenkins:jenkins:2.516.2
-
cpe:2.3:a:jenkins:jenkins:2.516.3
-
cpe:2.3:a:jenkins:jenkins:2.517
-
cpe:2.3:a:jenkins:jenkins:2.518
-
cpe:2.3:a:jenkins:jenkins:2.519
-
cpe:2.3:a:jenkins:jenkins:2.520
-
cpe:2.3:a:jenkins:jenkins:2.521
-
cpe:2.3:a:jenkins:jenkins:2.522
-
cpe:2.3:a:jenkins:jenkins:2.523
-
cpe:2.3:a:jenkins:jenkins:2.524
-
cpe:2.3:a:jenkins:jenkins:2.525
-
cpe:2.3:a:jenkins:jenkins:2.526
-
cpe:2.3:a:jenkins:jenkins:2.527
-
cpe:2.3:a:jenkins:jenkins:2.528
-
cpe:2.3:a:jenkins:jenkins:2.528.1
-
cpe:2.3:a:jenkins:jenkins:2.528.2
-
cpe:2.3:a:jenkins:jenkins:2.528.3
-
cpe:2.3:a:jenkins:jenkins:2.529
-
cpe:2.3:a:jenkins:jenkins:2.530
-
cpe:2.3:a:jenkins:jenkins:2.531
-
cpe:2.3:a:jenkins:jenkins:2.532
-
cpe:2.3:a:jenkins:jenkins:2.533
-
cpe:2.3:a:jenkins:jenkins:2.534
-
cpe:2.3:a:jenkins:jenkins:2.535
-
cpe:2.3:a:jenkins:jenkins:2.536
-
cpe:2.3:a:jenkins:jenkins:2.537
-
cpe:2.3:a:jenkins:jenkins:2.538
-
cpe:2.3:a:jenkins:jenkins:2.539
-
cpe:2.3:a:jenkins:jenkins:2.540
-
cpe:2.3:a:jenkins:jenkins:2.541
-
cpe:2.3:a:jenkins:jenkins:2.541.1
-
cpe:2.3:a:jenkins:jenkins:2.541.2
-
cpe:2.3:a:jenkins:jenkins:2.541.3
-
cpe:2.3:a:jenkins:jenkins:2.542
-
cpe:2.3:a:jenkins:jenkins:2.543
-
cpe:2.3:a:jenkins:jenkins:2.544
-
cpe:2.3:a:jenkins:jenkins:2.545
-
cpe:2.3:a:jenkins:jenkins:2.546
-
cpe:2.3:a:jenkins:jenkins:2.547
-
cpe:2.3:a:jenkins:jenkins:2.548
-
cpe:2.3:a:jenkins:jenkins:2.549
-
cpe:2.3:a:jenkins:jenkins:2.550
-
cpe:2.3:a:jenkins:jenkins:2.551
-
cpe:2.3:a:jenkins:jenkins:2.552
-
cpe:2.3:a:jenkins:jenkins:2.553
-
cpe:2.3:a:jenkins:jenkins:2.554
-
cpe:2.3:a:jenkins:jenkins:2.555
-
cpe:2.3:a:jenkins:jenkins:2.555.1
-
cpe:2.3:a:jenkins:jenkins:2.555.2
-
cpe:2.3:a:jenkins:jenkins:2.556
-
cpe:2.3:a:jenkins:jenkins:2.557
-
cpe:2.3:a:jenkins:jenkins:2.558
-
cpe:2.3:a:jenkins:jenkins:2.559
-
cpe:2.3:a:jenkins:jenkins:2.560
-
cpe:2.3:a:jenkins:jenkins:2.561
-
cpe:2.3:a:jenkins:jenkins:2.562
-
cpe:2.3:a:jenkins:jenkins:2.563
-
cpe:2.3:a:jenkins:jenkins:2.564
-
cpe:2.3:a:jenkins:jenkins:2.565
-
cpe:2.3:a:jenkins:jenkins:2.566
-
cpe:2.3:a:jenkins:jenkins:2.567