← Volver a CVEs
CVE-2026-7306
MEDIUM5.6
Descripcion
A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument default_token leads to use of hard-coded cryptographic key . It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is regarded as difficult. The exploit has been disclosed publicly and may be used.
Detalles CVE
Puntuacion CVSS v3.15.6
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado4/28/2026
Ultima modificacion4/29/2026
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-320CWE-321
Referencias
https://github.com/xuxueli/xxl-job/(cna@vuldb.com)
https://github.com/xuxueli/xxl-job/issues/3938(cna@vuldb.com)
https://vuldb.com/submit/803077(cna@vuldb.com)
https://vuldb.com/vuln/359961(cna@vuldb.com)
https://vuldb.com/vuln/359961/cti(cna@vuldb.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.