CVE-2026-27100

Published: Feb 18, 2026

Modified: Feb 18, 2026

PUBLISHED

Description

Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds, and if a specified build exists, its display name.

Vendor	Product	Versions
Jenkins Project	Jenkins	unaffected `2.551 - < ` unaffected `2.541.2 - < 2.541.`

References

Jenkins Security Advisory 2026-02-18

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-27100

Description

Affected Products

References