CVE-2026-7306 in xxl-jobinfo

Zusammenfassung

von MITRE • 29.04.2026

A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument default_token leads to use of hard-coded cryptographic key
. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is regarded as difficult. The exploit has been disclosed publicly and may be used.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulDB

Veröffentlichung

29.04.2026

Moderieren

akzeptiert

Eintrag

VDB-359961

CPE

bereit

CWE

CWE-321 (bestätigt)

Exploit

Download

CVSS

5.6 (VulDB)

EPSS

0.00020

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-7306
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-7306
CVE Details	https://www.cvedetails.com/cve/CVE-2026-7306/

◂ Zurück Übersicht Weiter ▸

Do you need the next level of professionalism?

Upgrade your account now!