CVE-2026-3733

MEDIUM

xxl-job <=3.3.2 - SSRF

Title source: llm

Description

A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The exploit is now public and may be used. The project maintainer closed the issue report with the following statement: "Access token security verification is required." (translated from Chinese)

References (6)

Scores

CVSS v3 6.3
EPSS 0.0006
EPSS Percentile 17.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-918
Status published
Published Mar 08, 2026
Tracked Since Mar 08, 2026