PT-2026-20433 · Jenkins +1

Muhammed Niazy +1 · Published 2026-02-18 · Updated 2026-05-29 · CVE-2026-27099

CVSS v2.0: 8.3 (High)
Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Jenkins versions 2.483 through 2.550
Jenkins LTS versions 2.492.1 through 2.541.1

Description
Jenkins does not escape the user-supplied description (offline cause) entered through the "Mark temporarily offline" functionality before rendering it, which results in a stored cross-site scripting (XSS) vulnerability. An attacker with Agent/Configure or Agent/Disconnect permission can store script content in that description; it is then executed in the browser of any user to whom the stored description is rendered.

Recommendations
Update Jenkins to a version later than 2.550. Update Jenkins LTS to a version later than 2.541.1.
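The following triage script is an added example and is not code from the advisory or from the Jenkins project. It covers both points above: a check of whether a Jenkins version string falls inside the affected ranges (assuming the usual convention that LTS versions carry three numeric components such as 2.541.1 and weekly releases two such as 2.550), the unescaped rendering pattern that produces this class of stored XSS beside its escaped counterpart, and a scan of agent records for a description that already contains markup. The scan assumes the shape of the Jenkins `/computer/api/json` response with the fields `displayName`, `temporarilyOffline` and `offlineCauseReason`; the sample document is constructed, and the field names should be verified against your own instance's API documentation.

```python
"""Added triage helpers for CVE-2026-27099 (example code, not Jenkins code).

Assumptions not stated on the advisory page:
  * LTS version strings have three numeric components (2.541.1), weekly
    releases two (2.550).
  * The agent listing is the /computer/api/json document and exposes the
    fields displayName, temporarilyOffline and offlineCauseReason.
"""
import html
import json
import re

# Affected ranges, inclusive, as given in the advisory.
WEEKLY_RANGE = ((2, 483), (2, 550))
LTS_RANGE = ((2, 492, 1), (2, 541, 1))


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '2.541.1' into (2, 541, 1); reject anything but 2 or 3 numeric parts."""
    parts = version.strip().split(".")
    if len(parts) not in (2, 3) or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Jenkins version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True if the version lies inside the weekly or the LTS affected range."""
    parsed = parse_version(version)
    low, high = LTS_RANGE if len(parsed) == 3 else WEEKLY_RANGE
    return low <= parsed <= high


def render_offline_reason_vulnerable(reason: str) -> str:
    """Unsafe pattern: attacker-controlled text concatenated into HTML as-is."""
    return f'<span class="offline-cause">{reason}</span>'


def render_offline_reason_fixed(reason: str) -> str:
    """Safe pattern: HTML-escape before interpolation so stored markup stays inert."""
    return f'<span class="offline-cause">{html.escape(reason, quote=True)}</span>'


# A tag opener, an inline event handler or a javascript: URL in a free-text
# reason is a strong sign that markup, not a reason, was stored.
_MARKUP = re.compile(r"</?[a-z!]|\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE)


def find_suspicious_offline_reasons(computer_api_json: str) -> list[tuple[str, str]]:
    """Return (agent name, reason) for temporarily-offline agents whose reason looks like markup."""
    doc = json.loads(computer_api_json)
    hits = []
    for computer in doc.get("computer", []):
        reason = computer.get("offlineCauseReason") or ""
        if computer.get("temporarilyOffline") and _MARKUP.search(reason):
            hits.append((computer.get("displayName", "?"), reason))
    return hits


# Constructed sample of a /computer/api/json response (not real data).
SAMPLE_COMPUTER_API = json.dumps({
    "computer": [
        {"displayName": "Built-In Node", "temporarilyOffline": False,
         "offlineCauseReason": ""},
        {"displayName": "linux-agent-1", "temporarilyOffline": True,
         "offlineCauseReason": "Kernel upgrade, back Monday"},
        {"displayName": "linux-agent-2", "temporarilyOffline": True,
         "offlineCauseReason": '<img src=x onerror="alert(document.domain)">'},
    ]
})


if __name__ == "__main__":
    for v in ("2.482", "2.483", "2.550", "2.551", "2.492.1", "2.541.1", "2.541.2"):
        print(f"{v:<8} affected={is_affected(v)}")
    payload = '<img src=x onerror="alert(document.domain)">'
    print("vulnerable:", render_offline_reason_vulnerable(payload))
    print("fixed:     ", render_offline_reason_fixed(payload))
    print("suspicious:", find_suspicious_offline_reasons(SAMPLE_COMPUTER_API))
```

The markup heuristic deliberately requires the tag name to follow `<` directly, as browsers do when parsing tags, so an ordinary reason such as "load < 2 expected" is not flagged. Escaping on output, as in `render_offline_reason_fixed`, is the fix pattern for this bug class; the scan is only there to find descriptions stored before the upgrade.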

Fix

XSS

Related Identifiers

BDU:2026-05584
BIT-JENKINS-2026-27099
CVE-2026-27099
GHSA-85H6-5M3V-GX37

Affected Products

Jenkins
Red Os