Signal

Advisories flag two Jenkins core flaws: stored XSS (CVE-2026-27099) and info leak (CVE-2026-27100)


Published 2026-02-18 15:32 UTC · Updated 2026-02-19 03:00 UTC
Tags: cve, vulnerability, jenkins, xss, information_disclosure, advisory
Evidence trail (top sources)
Top sources (2 domains). Domains are deduped; counts indicate coverage, not truth.
Vulnerability in Jenkins Project Jenkins
NCSC-FI - Vulnerabilities · Advisory · nvd.nist.gov · 2026-02-19 03:00 UTC
Jenkins (core): CVSS (Max): 8.0
AusCERT - Bulletins · News · portal.auscert.org.au · 2026-02-19 02:40 UTC
limited source diversity in top sources
Overview

Two critical vulnerabilities have been reported in Jenkins core: CVE-2026-27099, a stored XSS flaw, and CVE-2026-27100, which may expose job and build information. Users are advised to update to the latest versions to address these issues.

Entities: Jenkins
Score total: 0.91
Momentum 24h: 2
Posts: 2
Origins: 2
Source types: 1
Duplicate ratio: 0%
Why now
  • New advisories were published referencing CVE-2026-27099 and CVE-2026-27100.
  • Fix guidance is time-sensitive: update Jenkins weekly/LTS to the specified versions.
  • CVSS severity is reported as 8.0 for CVE-2026-27099 in the advisories.
Why it matters
  • Stored XSS in Jenkins can enable malicious script execution in affected workflows.
  • Run Parameter issue may expose information about jobs/builds to authorized-but-restricted users.
  • Jenkins is widely used in CI/CD; core flaws can impact build infrastructure security.
LLM analysis
Topic mix: low · Promo risk: low · Source quality: high
Recurring claims
  • CVE-2026-27099 is a stored XSS vulnerability in Jenkins that could allow script execution.
  • CVE-2026-27100 allows unauthorized access to information about jobs and builds.
How sources frame it
  • AusCERT: neutral
  • NVD: neutral
All evidence
Vulnerability in Jenkins Project Jenkins
NCSC-FI - Vulnerabilities · nvd.nist.gov · 2026-02-19 03:00 UTC
Jenkins (core): CVSS (Max): 8.0
AusCERT - Bulletins · portal.auscert.org.au · 2026-02-19 02:40 UTC
Top publishers (this list)
  • NCSC-FI - Vulnerabilities (1)
  • AusCERT - Bulletins (1)
Top origin domains (this list)
  • nvd.nist.gov (1)
  • portal.auscert.org.au (1)