CVE-2026-7303

Published: Apr 29, 2026 Last Modified: Apr 29, 2026
ExploitDB:
Other exploit source:
Google Dorks:
LOW 2,9
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
LOW 3,7
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
LOW 2,6
Source: [email protected]
Access Vector: network
Access Complexity: high
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none

Description

AI Translation Available

A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improper control of resource identifiers. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is considered difficult. The exploit has been released to the public and may be used for attacks. Upgrading to version 3.4.0 is recommended to address this issue. The patch is identified as d24e4ccd6073cc75305e1d3b9c29bc8db7437e7a. It is suggested to upgrade the affected component.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0007
Percentile
0,2th
Updated

EPSS Score Trend (Last 2 Days)

99

Improper Control of Resource Identifiers ('Resource Injection')

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity
Potential Impacts:
Read Application Data Modify Application Data Read Files Or Directories Modify Files Or Directories
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: High
View CWE Details
https://github.com/xuxueli/xxl-job/
https://github.com/xuxueli/xxl-job/
https://github.com/xuxueli/xxl-job/commit/d24e4ccd6073cc753…
https://github.com/xuxueli/xxl-job/commit/d24e4ccd6073cc75305e1d3b9c29bc8db7437…
https://github.com/xuxueli/xxl-job/issues/3936
https://github.com/xuxueli/xxl-job/issues/3936
https://github.com/xuxueli/xxl-job/releases/tag/v3.4.0
https://github.com/xuxueli/xxl-job/releases/tag/v3.4.0
https://vuldb.com/submit/803075
https://vuldb.com/submit/803075
https://vuldb.com/vuln/359959
https://vuldb.com/vuln/359959
https://vuldb.com/vuln/359959/cti
https://vuldb.com/vuln/359959/cti