CVE-2026-27100
CVE-2026-27100 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds, and if a specified build exists, its display name. EPSS estimates a 0.33% chance of exploitation in the next 30 days.
Description
Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds, and if a specified build exists, its display name.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Jenkins | < 2.541.2 |
| Jenkins | Jenkins | < 2.551 |
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
