PT-2026-30993 · Powerjob · Powerjob
Anch0R
·
Published
2026-04-07
·
Updated
2026-04-07
·
CVE-2026-5739
CVSS v2.0
7.5
High
| AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
PowerJob versions 5.1.0 through 5.1.2
Description
A security flaw exists in PowerJob versions 5.1.0 through 5.1.2. The issue is related to code injection resulting from the manipulation of the
nodeParams argument within the GroovyEvaluator.evaluate function located in the /openApi/addWorkflowNode file of the OpenAPI Endpoint component. This attack can be executed remotely.Recommendations
Update to a newer version that contains a fix for this vulnerability.
Fix
Code Injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Powerjob