← back
CVE-2026-27100

CVE-2026-27100

CVSS 4.3 MEDIUMEPSS 0.3%CWE-200
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
18 Feb 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds, and if a specified build exists, its display name.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
Jenkins Project · Jenkins

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.jenkins.io/security/advisory/2026-02-18/#SECURITY-3658