Critical Jenkins CVE-2026-27099 Exposes CI/CD Pipelines to Stored XSS Attacks
VPN Central [Unofficial]
February 21, 2026
Jenkins core contains two vulnerabilities, including a high-severity stored XSS tracked as CVE-2026-27099. Attackers with Agent/Configure or Agent/Disconnect permissions can inject JavaScript via node offline descriptions. Builds and admin panels face session hijacking risks. The XSS flaw affects Jenkins 2.483 through 2.550 and LTS 2.492.1 through 2.541.1. Since version 2.483, offline cause fields accepted HTML. Vulnerable releases […]