CVE-2026-7303

Exploit

EPSS 0.42%
Veröffentlicht 28.04.2026 19:00:17
Zuletzt bearbeitet 29.04.2026 21:16:21
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

Xuxueli xxl-job Execution Log JobLogController.java logDetailCat resource injection

A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improper control of resource identifiers. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is considered difficult. The exploit has been released to the public and may be used for attacks. Upgrading to version 3.4.0 is recommended to address this issue. The patch is identified as d24e4ccd6073cc75305e1d3b9c29bc8db7437e7a. It is suggested to upgrade the affected component.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 10

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerXuxueli

≫

Produkt xxl-job

Version 3.3.0

Status affected

Version 3.3.1

Status affected

Version 3.3.2

Status affected

Version 3.4.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.42%	0.333

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	2.9	0	0	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:P/I:N/A:N

CWE-99 Improper Control of Resource Identifiers ('Resource Injection')

The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.

https://github.com/xuxueli/xxl-job/

https://vuldb.com/vuln/359959

https://vuldb.com/vuln/359959/cti

https://vuldb.com/submit/803075

https://github.com/xuxueli/xxl-job/issues/3936

https://github.com/xuxueli/xxl-job/commit/d24e4ccd6073cc75305e1d3b9c29bc8db7437e7a

https://github.com/xuxueli/xxl-job/releases/tag/v3.4.0

https://nvd.nist.gov/vuln/detail/CVE-2026-7303

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-7303

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-7303

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-7303