CVE-2026-5739

Sažetak

A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be executed remotely. The project was informed of the problem early through an issue report but has not responded yet.

Reference

https://github.com/PowerJob/PowerJob/
https://github.com/PowerJob/PowerJob/issues/1168
https://vuldb.com/submit/786936
https://vuldb.com/vuln/355747
https://vuldb.com/vuln/355747/cti

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

07-04-2026 - 20:16

Objavljeno

07-04-2026 - 20:16