CVE-2026-7306 | Xuxueli xxl-job up to 3.3.2 OpenAPI Endpoint OpenApiController.java default_token hard-coded key (Issue 3938)

A vulnerability was found in Xuxueli xxl-job up to 3.3.2. It has been declared as critical. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument default_token leads to use of hard-coded cryptographic key
.

This vulnerability is referenced as CVE-2026-7306. It is possible to launch the attack remotely. Furthermore, an exploit is available.

CVE-2026-7306 | Xuxueli xxl-job up to 3.3.2 OpenAPI Endpoint OpenApiController.java default_token hard-coded key (Issue 3938)

Post correlati

CVE-2024-6528 | Schneider Electric Modicon Controllers M262 cross site scripting (SEVD-2024-191-04)

CVE-2025-6712 | MongoDB Server up to 8.0.9 resource consumption

CVE-2024-13135 | Emlog Pro 2.4.3 Subpage /admin/twitter.php cross site scripting

CVE-2024-1273 | Starbox Plugin up to 3.4.x on WordPress cross site scripting