PT-2026-35826 · Xuxueli · Xxl-Job

Larlarua · Published 2026-04-28 · Updated 2026-04-28 · CVE-2026-7306

CVSS v3.1: 5.6 Medium

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Xuxueli xxl-job versions prior to 3.3.3

Description

An issue exists in the OpenAPI Endpoint within the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java. Manipulation of the default token argument leads to the use of a hard-coded cryptographic key. This flaw allows for remote attacks, although it is characterized by high complexity and difficult exploitability.

Recommendations

Update to a version newer than 3.3.2. As a temporary workaround, restrict access to the default token argument in the OpenAPI Endpoint to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Related Identifiers

CVE-2026-7306

Affected Products

Xxl-Job