Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2026-27099 - Vulnerability Database

Jenkins

Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2026-27099

High

Reference: CVE-2026-27099

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-27099

Title: Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

Jenkins 2.483 through 2.550 (both inclusive) LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the quotMark temporarily offlinequot offline cause resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or Agent/Disconnect permission.