Critical Jenkins Vulnerability Exposes Build Environments to XSS Attacks

Fri Feb 20 2026

Open Source

Vulnerability

cybersecuritynews.com

Security Advisory has revealed multiple vulnerabilities in Jenkins Core, including a stored Cross-Site Scripting (XSS) flaw that could expose build environments to severe security risks. The issues, identified as CVE-2026-27099 and CVE-2026-27100, were responsibly disclosed under the Jenkins Bug Bounty Program sponsored by the European Commission. The most critical of the two, tracked as CVE-2026-27099, is a high-severity stored XSS vulnerability that impacts […] The post Critical Jenkins Vulnerability Exposes Build Environments to XSS Attacks appeared first on Cyber Security News.