PT-2026-48426 · Jenkins · Jenkins
Published: 2026-06-10 · Updated: 2026-06-10
CVE-2026-53441
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could be set through the POST config.xml API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.
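A version-triage check for the affected ranges stated above, as an added example that is not part of the original advisory or of Jenkins itself. It assumes weekly releases carry two numeric components and LTS releases three; the inventory names and versions are constructed.

```python
import re

# Affected ranges as stated in the advisory text (both ends inclusive).
WEEKLY_RANGE = ((2, 483), (2, 567))
LTS_RANGE = ((2, 492, 1), (2, 555, 2))

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?\s*$")

def parse_version(text):
    """Return ("weekly", (maj, min)) or ("lts", (maj, min, patch)).

    Assumption: two components mean weekly, three mean LTS. Suffixed or
    malformed strings raise ValueError so they get reviewed by hand.
    """
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised Jenkins version: {text!r}")
    major, minor, patch = match.groups()
    if patch is None:
        return "weekly", (int(major), int(minor))
    return "lts", (int(major), int(minor), int(patch))

def is_affected(text):
    """True if the version falls inside the advisory's affected ranges."""
    line, version = parse_version(text)
    low, high = WEEKLY_RANGE if line == "weekly" else LTS_RANGE
    return low <= version <= high

def triage(inventory):
    """Map controller name -> "affected", "not affected" or "review"."""
    result = {}
    for name, version in inventory.items():
        try:
            result[name] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            result[name] = "review"  # custom build: check manually
    return result

# Constructed inventory for illustration; the controller names are hypothetical.
SAMPLE_INVENTORY = {
    "ci-weekly": "2.500",
    "ci-lts": "2.555.2",
    "ci-old-lts": "2.479.3",
    "ci-new-weekly": "2.568",
    "ci-custom": "2.504.1-SNAPSHOT",
}
```

Controllers reported as affected are the ones where accounts holding Agent/Configure permission should be reviewed until the controller is upgraded.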
Related Identifiers
Affected Products
Jenkins