CVE-2026-27099 – Jenkins Security Update
CVSS 8
IMPORTANT
“If attackers control your build server, they control your software supply chain.”
These Jenkins vulnerabilities weakened core security controls within CI/CD environments. One issue allowed an authenticated user with limited permissions to bypass authorization checks and access restricted functionality or sensitive information, including credentials and job configurations. The second issue involved insufficient input validation, which could allow limited manipulation of system behavior depending on configuration.
The access control weakness carries a high severity score of 8.0, while the input validation issue is rated 4.3 (medium severity). Jenkins addressed both issues in updated core releases.
Key Details
- Affected Product
- Jenkins Jenkins
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- Low
- User Interaction
- Required
- CWE Classification
- CWE-79
Patch this CVE on all your endpoints in under 5 minutes.
First 200 endpoints are free forever, scale as needed.