CVE-2026-27100

medium

Red Hat

CVSS v3 Base Score

4.3

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Published: February 18, 2026

Last Modified: February 18, 2026

Vendor: Red Hat

Description

Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds, and if a specified build exists, its display name.

CWE

CWE-551

Affected Products

OpenShift Developer Tools and Services

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 www.jenkins.io

CVE-2026-27100

Vulnerability Report

Description

CWE

Affected Products

References