Critical Jenkins Vulnerability Exposes Build Environments to XSS Attacks

A critical stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2026-27099, has been discovered in Jenkins Core affecting versions 2.550 and earlier, and LTS versions 2.541.1 and earlier, potentially exposing build environments to severe security risks. Additionally, CVE-2026-27100, a medium-severity vulnerability, allowed unauthorized access to build information. Jenkins versions 2.551 and LTS 2.541.2 have been released to address these issues.