Detections
Analytics

CVE-2026-3733

medium

Description

A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The exploit is now public and may be used. The project maintainer closed the issue report with the following statement: "Access token security verification is required." (translated from Chinese)

References

https://vuldb.com/?submit.767226

https://vuldb.com/?id.349711

https://vuldb.com/?ctiid.349711

https://github.com/xuxueli/xxl-job/issues/3924#issue-3987941359

https://github.com/xuxueli/xxl-job/issues/3924

https://github.com/xuxueli/xxl-job/

Details

Source: Mitre, NVD

Published: 2026-03-08

Updated: 2026-03-09

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00043