What is CVE-2026-57288?

CVE-2026-57288 is a low-severity vulnerability in Jenkins Project Active Directory Plugin, classified under LDAP Injection. CVSS score: 3.7/10. Published 2026-06-24.

How severe is CVE-2026-57288?

Low severity. CVSS v3 base score is 3.7 out of 10.

LDAP Injection in Jenkins Project Active Directory Plugin

CVE-2026-57288

Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native (ADSI) authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters…

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Jenkins Project Active Directory Plugin — versions 0

Weakness classification (CWE)

CWE-90 — LDAP Injection

References

jenkinsci-cert@googlegroups.com (vendor-advisory)

Frequently asked questions

What is CVE-2026-57288?: CVE-2026-57288 is a low-severity vulnerability in Jenkins Project Active Directory Plugin, classified under LDAP Injection. CVSS score: 3.7/10. Published 2026-06-24.
How severe is CVE-2026-57288?: Low severity. CVSS v3 base score is 3.7 out of 10.