VYPR
Medium severity6.3NVD Advisory· Published Mar 8, 2026· Updated Apr 29, 2026

CVE-2026-3733

CVE-2026-3733

Description

A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The exploit is now public and may be used. The project maintainer closed the issue report with the following statement: "Access token security verification is required." (translated from Chinese)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Xuxueli/Xxl Jobreferences2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <=3.3.2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.