{"api_version":"1","generated_at":"2026-06-11T02:42:35+00:00","cve":"CVE-2026-53441","urls":{"html":"https://cve.report/CVE-2026-53441","api":"https://cve.report/api/cve/CVE-2026-53441.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-53441","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-53441"},"summary":{"title":"CVE-2026-53441","description":"Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could be set through the `POST config.xml` API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.","state":"PUBLISHED","assigner":"jenkins","published_at":"2026-06-10 14:16:37","updated_at":"2026-06-10 19:43:28"},"problem_types":[],"metrics":[],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-10/#SECURITY-3731","name":"https://www.jenkins.io/security/advisory/2026-06-10/#SECURITY-3731","refsource":"jenkinsci-cert@googlegroups.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-53441","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-53441","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Jenkins Project","product":"Jenkins","version":"unaffected 2.483 maven","platforms":[]},{"source":"CNA","vendor":"Jenkins Project","product":"Jenkins","version":"unaffected 2.568 * maven","platforms":[]},{"source":"CNA","vendor":"Jenkins Project","product":"Jenkins","version":"unaffected 2.555.3 2.555.* maven","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"affected","product":"Jenkins","vendor":"Jenkins Project","versions":[{"lessThan":"2.483","status":"unaffected","version":"0","versionType":"maven"},{"lessThan":"*","status":"unaffected","version":"2.568","versionType":"maven"},{"lessThan":"2.555.*","status":"unaffected","version":"2.555.3","versionType":"maven"}]}],"descriptions":[{"lang":"en","value":"Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could be set through the `POST config.xml` API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission."}],"providerMetadata":{"dateUpdated":"2026-06-10T13:06:01.921Z","orgId":"39769cd5-e6e2-4dc8-927e-97b3aa056f5b","shortName":"jenkins"},"references":[{"name":"Jenkins Security Advisory 2026-06-10","tags":["vendor-advisory"],"url":"https://www.jenkins.io/security/advisory/2026-06-10/#SECURITY-3731"}]}},"cveMetadata":{"assignerOrgId":"39769cd5-e6e2-4dc8-927e-97b3aa056f5b","assignerShortName":"jenkins","cveId":"CVE-2026-53441","datePublished":"2026-06-10T13:06:01.921Z","dateReserved":"2026-06-09T14:26:44.789Z","dateUpdated":"2026-06-10T13:06:01.921Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-10 14:16:37","lastModifiedDate":"2026-06-10 19:43:28","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"53441","Ordinal":"1","Title":"CVE-2026-53441","CVE":"CVE-2026-53441","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"53441","Ordinal":"1","NoteData":"Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could be set through the `POST config.xml` API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.","Type":"Description","Title":"CVE-2026-53441"}]}}}