CVE-2026-3733

MEDIUM

xxl-job <=3.3.2 - SSRF

Title source: llm

Description

A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The exploit is now public and may be used. The project maintainer closed the issue report with the following statement: "Access token security verification is required." (translated from Chinese)

References (6)

Scores

CVSS v3 6.3
EPSS 0.0004
EPSS Percentile 12.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE
CWE-918
Status draft

Timeline

Published Mar 08, 2026
Tracked Since Mar 08, 2026