5.6

CVE-2026-7306

Exploit

Xuxueli xxl-job OpenAPI Endpoint OpenApiController.java hard-coded key

A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument default_token leads to use of hard-coded cryptographic key
 . It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is regarded as difficult. The exploit has been disclosed publicly and may be used.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerXuxueli
Produkt xxl-job
Version 3.3.0
Status affected
Version 3.3.1
Status affected
Version 3.3.2
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.33% 0.243
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cna@vuldb.com 5.6 2.2 3.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com 2.9 0 0
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE-321 Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

https://github.com/xuxueli/xxl-job/
https://vuldb.com/vuln/359961
https://vuldb.com/vuln/359961/cti
https://vuldb.com/submit/803077
https://github.com/xuxueli/xxl-job/issues/3938
https://github.com/xuxueli/xxl-job/issues/3938#issuecomment-4149938881