CVE-2026-57288

LOW 3.7

CVSS Score

3.7

EPSS Score

0.0%

EPSS Percentile

0th

Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native (ADSI) authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a matching user whose password they know without knowing their exact user name.

Vendor	jenkins project
Product	jenkins active directory plugin
Published	Jun 24, 2026
Last Updated	Jun 24, 2026

Stay Ahead of the Next One

Get instant alerts for jenkins project jenkins active directory plugin

Be the first to know when new low vulnerabilities affecting jenkins project jenkins active directory plugin are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Jenkins Project / Jenkins Active Directory Plugin

0 ≤ 2.41.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

jenkins.io: https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3651