Vulnerability Details CVE-2026-57288
Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native (ADSI) authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a matching user whose password they know without knowing their exact user name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 13.0%
CVSS Severity
CVSS v3 Score 3.7
Products affected by CVE-2026-57288
-
cpe:2.3:a:jenkins:active_directory:1.0
-
cpe:2.3:a:jenkins:active_directory:1.1
-
cpe:2.3:a:jenkins:active_directory:1.10
-
cpe:2.3:a:jenkins:active_directory:1.11
-
cpe:2.3:a:jenkins:active_directory:1.12
-
cpe:2.3:a:jenkins:active_directory:1.13
-
cpe:2.3:a:jenkins:active_directory:1.14
-
cpe:2.3:a:jenkins:active_directory:1.15
-
cpe:2.3:a:jenkins:active_directory:1.16
-
cpe:2.3:a:jenkins:active_directory:1.17
-
cpe:2.3:a:jenkins:active_directory:1.18
-
cpe:2.3:a:jenkins:active_directory:1.19
-
cpe:2.3:a:jenkins:active_directory:1.2
-
cpe:2.3:a:jenkins:active_directory:1.20
-
cpe:2.3:a:jenkins:active_directory:1.21
-
cpe:2.3:a:jenkins:active_directory:1.22
-
cpe:2.3:a:jenkins:active_directory:1.23
-
cpe:2.3:a:jenkins:active_directory:1.24
-
cpe:2.3:a:jenkins:active_directory:1.25
-
cpe:2.3:a:jenkins:active_directory:1.26
-
cpe:2.3:a:jenkins:active_directory:1.27
-
cpe:2.3:a:jenkins:active_directory:1.28
-
cpe:2.3:a:jenkins:active_directory:1.29
-
cpe:2.3:a:jenkins:active_directory:1.3
-
cpe:2.3:a:jenkins:active_directory:1.30
-
cpe:2.3:a:jenkins:active_directory:1.31
-
cpe:2.3:a:jenkins:active_directory:1.32
-
cpe:2.3:a:jenkins:active_directory:1.33
-
cpe:2.3:a:jenkins:active_directory:1.34
-
cpe:2.3:a:jenkins:active_directory:1.35
-
cpe:2.3:a:jenkins:active_directory:1.36
-
cpe:2.3:a:jenkins:active_directory:1.37
-
cpe:2.3:a:jenkins:active_directory:1.38
-
cpe:2.3:a:jenkins:active_directory:1.39
-
cpe:2.3:a:jenkins:active_directory:1.4
-
cpe:2.3:a:jenkins:active_directory:1.40
-
cpe:2.3:a:jenkins:active_directory:1.41
-
cpe:2.3:a:jenkins:active_directory:1.42
-
cpe:2.3:a:jenkins:active_directory:1.43
-
cpe:2.3:a:jenkins:active_directory:1.44
-
cpe:2.3:a:jenkins:active_directory:1.45
-
cpe:2.3:a:jenkins:active_directory:1.46
-
cpe:2.3:a:jenkins:active_directory:1.47
-
cpe:2.3:a:jenkins:active_directory:1.48
-
cpe:2.3:a:jenkins:active_directory:1.49
-
cpe:2.3:a:jenkins:active_directory:1.5
-
cpe:2.3:a:jenkins:active_directory:1.6
-
cpe:2.3:a:jenkins:active_directory:1.7
-
cpe:2.3:a:jenkins:active_directory:1.8
-
cpe:2.3:a:jenkins:active_directory:1.9
-
cpe:2.3:a:jenkins:active_directory:2.0
-
cpe:2.3:a:jenkins:active_directory:2.1
-
cpe:2.3:a:jenkins:active_directory:2.10
-
cpe:2.3:a:jenkins:active_directory:2.11
-
cpe:2.3:a:jenkins:active_directory:2.12
-
cpe:2.3:a:jenkins:active_directory:2.13
-
cpe:2.3:a:jenkins:active_directory:2.14
-
cpe:2.3:a:jenkins:active_directory:2.15
-
cpe:2.3:a:jenkins:active_directory:2.16
-
cpe:2.3:a:jenkins:active_directory:2.16.1
-
cpe:2.3:a:jenkins:active_directory:2.17
-
cpe:2.3:a:jenkins:active_directory:2.18
-
cpe:2.3:a:jenkins:active_directory:2.19
-
cpe:2.3:a:jenkins:active_directory:2.2
-
cpe:2.3:a:jenkins:active_directory:2.20
-
cpe:2.3:a:jenkins:active_directory:2.22
-
cpe:2.3:a:jenkins:active_directory:2.23
-
cpe:2.3:a:jenkins:active_directory:2.23.1
-
cpe:2.3:a:jenkins:active_directory:2.24
-
cpe:2.3:a:jenkins:active_directory:2.24.1
-
cpe:2.3:a:jenkins:active_directory:2.25
-
cpe:2.3:a:jenkins:active_directory:2.25.1
-
cpe:2.3:a:jenkins:active_directory:2.26
-
cpe:2.3:a:jenkins:active_directory:2.27
-
cpe:2.3:a:jenkins:active_directory:2.3
-
cpe:2.3:a:jenkins:active_directory:2.30
-
cpe:2.3:a:jenkins:active_directory:2.4
-
cpe:2.3:a:jenkins:active_directory:2.5
-
cpe:2.3:a:jenkins:active_directory:2.6
-
cpe:2.3:a:jenkins:active_directory:2.7
-
cpe:2.3:a:jenkins:active_directory:2.8
-
cpe:2.3:a:jenkins:active_directory:2.9