PT-2026-20434 · Jenkins+1
Suman Roy · Published 2026-02-18 · Updated 2026-03-20
CVE-2026-27100
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins versions 2.550 and earlier
Jenkins LTS versions 2.541.1 and earlier
Description
Jenkins discloses information about jobs, builds, and build display names to users who do not have permission to view them. This occurs because Jenkins accepts Run Parameter values that reference builds inaccessible to the user submitting the build. An attacker with Item/Build and Item/Configure permissions can exploit this.
Recommendations
Update Jenkins to a version later than 2.550.
Update Jenkins LTS to a version later than 2.541.1.
Fix
Information Disclosure
Affected Products
Jenkins
Red Os