← Back to CVEs
CVE-2026-7306
MEDIUM5.6
Description
A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument default_token leads to use of hard-coded cryptographic key . It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is regarded as difficult. The exploit has been disclosed publicly and may be used.
CVE Details
CVSS v3.1 Score5.6
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
Published4/28/2026
Last Modified4/29/2026
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-320CWE-321
References
https://github.com/xuxueli/xxl-job/(cna@vuldb.com)
https://github.com/xuxueli/xxl-job/issues/3938(cna@vuldb.com)
https://vuldb.com/submit/803077(cna@vuldb.com)
https://vuldb.com/vuln/359961(cna@vuldb.com)
https://vuldb.com/vuln/359961/cti(cna@vuldb.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.