Skip to main content

Jenkins Active Directory Plugin

1 CVEs product

Monthly

CVE-2026-57288 LOW Monitor

LDAP injection in Jenkins Active Directory Plugin 2.41.1 and earlier allows unauthenticated remote attackers to enumerate Active Directory entries and authenticate as any directory user they can identify via wildcard matching, provided they already know that user's password. The vulnerability is confined to the Windows native ADSI authentication path, limiting exposure to Jenkins instances running on Windows with ADSI configured. No public exploit code or active exploitation has been identified; SSVC rates it non-automatable with partial technical impact.

Code Injection LDAP Jenkins Microsoft Jenkins Active Directory Plugin
NVD VulDB
CVSS 3.1
3.7
EPSS
0.2%
EPSS 0% CVSS 3.7
LOW Monitor

LDAP injection in Jenkins Active Directory Plugin 2.41.1 and earlier allows unauthenticated remote attackers to enumerate Active Directory entries and authenticate as any directory user they can identify via wildcard matching, provided they already know that user's password. The vulnerability is confined to the Windows native ADSI authentication path, limiting exposure to Jenkins instances running on Windows with ADSI configured. No public exploit code or active exploitation has been identified; SSVC rates it non-automatable with partial technical impact.

Code Injection LDAP Jenkins +2
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy