216.73.217.176

CVE-2026-3733

· Published 08/03/2026 11:15 · Modified 09/03/2026 13:35

Labels: CVE-2026-3733 2026-03-08CVE-2026-3733CWE-918[email protected]

Essential information

Published
08/03/2026 11:15
Modified
09/03/2026 13:35
Author
Creator
CVSS
5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The exploit is now public and may be used. The project maintainer closed the issue report with the following statement: "Access token security verification is required." (translated from Chinese)

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
xuxueli / xxl-job cpe:2.3:a:xuxueli:xxl-job:*:*:*:*:*:*:*:*

References