Vulnerability in Xuxueli Xxl-job
CVE-2026-7303
A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler…
EPSS: 0.001 (22.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Xuxueli Xxl-job — versions 3.3.0, 3.3.1, 3.3.2
Weakness classification (CWE)
References
- VDB-359959 | Xuxueli xxl-job Execution Log JobLogController.java logDetailCat resource injection (technical-description, vdb-entry)
- VDB-359959 | CTI Indicators (IOB, IOC, IOA) (signature, permissions-required)
- Submit #803075 | xuxueli https://github.com/xuxueli/xxl-job v3.3.2 Authorization Bypass (third-party-advisory)
- cna@vuldb.com (issue-tracking, exploit)
- cna@vuldb.com (patch)
- cna@vuldb.com (patch)
- cna@vuldb.com (product)
Frequently asked questions
- What is CVE-2026-7303?
- CVE-2026-7303 is a low-severity vulnerability in Xuxueli Xxl-job, classified under Resource Injection. CVSS score: 3.7/10. Published 2026-04-28.
- How severe is CVE-2026-7303?
- Low severity. CVSS v3 base score is 3.7 out of 10.