CVE-2026-5736 | PowerJob 5.1.0/5.1.1/5.1.2 detailPlus Endpoint InstanceController.java customQuery sql injection (Issue 1167)

A vulnerability was found in PowerJob 5.1.0/5.1.1/5.1.2. It has been classified as critical. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of the argument customQuery leads to sql injection.

This vulnerability is referenced as CVE-2026-5736. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-5736 | PowerJob 5.1.0/5.1.1/5.1.2 detailPlus Endpoint InstanceController.java customQuery sql injection (Issue 1167)

Post correlati

CVE-2026-24351 | PluXml CMS 5.8.21/5.9.0-rc7 Static Page cross site scripting

CVE-2023-25643 | ZTE MC801A/MC801A1 command injection

CVE-2024-47971 | Solidigm D5-P5316/D7-P5520/D7-P5620 denial of service

CVE-2024-0598 | Kadence Gutenberg Blocks Plugin up to 3.2.17 on WordPress Contact Form Message Settings cross site scripting