CVE-2026-57288

LOW SEVERITY

CVSS Score & Metrics

Base Score: 3.7 / 10
Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Description

Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native (ADSI) authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a matching user whose password they know without knowing their exact user name.
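
The escaping step the description says is missing, shown as an added example that is not code from the plugin or the Jenkins project: RFC 4515 value escaping applied before a user name is placed in an LDAP search filter. The `sAMAccountName` filter shape, the class and method names, and the sample inputs are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;

// Added example; not taken from the Jenkins Active Directory Plugin source.
public class LdapFilterEscape {

    // Escape an assertion value per RFC 4515 section 3: NUL, '(', ')', '*'
    // and '\' become a backslash followed by two hex digits. Bytes >= 0x80
    // are hex-escaped as well, which the RFC permits and which keeps the
    // resulting filter string pure ASCII.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xFF;
            if (c == 0x00 || c == '(' || c == ')' || c == '*' || c == '\\' || c >= 0x80) {
                out.append('\\').append(String.format("%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    // "Before": the user name is concatenated as-is, so a '*' in it is
    // interpreted by the directory as a wildcard (filter shape is assumed).
    static String unescapedFilter(String userName) {
        return "(&(objectCategory=user)(sAMAccountName=" + userName + "))";
    }

    // "After": the same filter with the value escaped, so every character
    // of the user name is matched literally.
    static String escapedFilter(String userName) {
        return "(&(objectCategory=user)(sAMAccountName=" + escapeFilterValue(userName) + "))";
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = {"jsmith", "j*", "ops(build)", "a\\b"};
        for (String s : samples) {
            System.out.println("input    : " + s);
            System.out.println("unescaped: " + unescapedFilter(s));
            System.out.println("escaped  : " + escapedFilter(s));
            System.out.println();
        }
    }
}
```

For the input `j*`, the escaped filter contains `sAMAccountName=j\2a`, which matches only an account literally named `j*` rather than every account beginning with `j`.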

Vulnerability Details

Published Date
Last Modified
CWE ID: CWE-90
Source: NVD
Vendor: Jenkins Project
Product: Jenkins Active Directory Plugin

External References
