PT-2026-23938 · Xuxueli · Xxl-Job
Zast.Ai · Published 2026-03-08 · Updated 2026-05-19 · CVE-2026-3733
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
xuxueli xxl-job versions up to 3.3.2
Description
A server-side request forgery condition exists in xuxueli xxl-job. The issue is located in the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java, affecting an unknown function. This allows for remote attacks. The project maintainer indicated that access token security verification is required to address the issue.
Recommendations
Versions prior to 3.3.2 require access token security verification.
Exploit
Fix
SSRF
Affected Products
Xxl-Job