CVE-2026-7306 in xxl-jobinformação

Sumário

de MITRE • 29/04/2026

A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument default_token leads to use of hard-coded cryptographic key
. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is regarded as difficult. The exploit has been disclosed publicly and may be used.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

VulDB

Divulgação

29/04/2026

Moderação

aceite

Entrada

VDB-359961

CPE

pronto

CWE

CWE-321 (confirmado)

Exploração

Descarregar

CVSS

5.6 (VulDB)

EPSS

0.00020

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-7306
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-7306
CVE Details	https://www.cvedetails.com/cve/CVE-2026-7306/

◂ Voltar Visão Geral Próximo ▸

Interested in the pricing of exploits?

See the underground prices here!