Nixpkgs Security Tracker

Login with GitHub

Details of issue NIXPKGS-2026-0273

NIXPKGS-2026-0273
published on 19 Feb 2026
Permalink CVE-2026-27099
updated 2 days, 12 hours ago by @LeSuisse Activity log
  • Created automatic suggestion 2 days, 13 hours ago
  • @LeSuisse removed
    10 packages
    • python314Packages.jenkins-job-builder
    • python313Packages.jenkins-job-builder
    • python312Packages.jenkins-job-builder
    • python314Packages.python-jenkins
    • python313Packages.python-jenkins
    • python312Packages.python-jenkins
    • python312Packages.jenkinsapi
    • python313Packages.jenkinsapi
    • python314Packages.jenkinsapi
    • jenkins-job-builder
    2 days, 12 hours ago
  • @LeSuisse removed
    3 maintainers
    • @coreyoconnor
    • @earldouglas
    • @NeQuissimus
    2 days, 12 hours ago
  • @LeSuisse accepted 2 days, 12 hours ago
  • @LeSuisse published on GitHub 2 days, 12 hours ago
Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 …

Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or Agent/Disconnect permission.

Affected products

Jenkins
  • *
  • <2.483
  • <2.541.*

Matching in nixpkgs

Ignored packages (10)

Package maintainers

Ignored maintainers (3) 
Upstream advisory: https://www.jenkins.io/security/advisory/2026-02-18/