CVE-2026-7303 Xuxueli xxl-job Execution Log JobLogController.java logDetailCat resource injection

🗓️ 28 Apr 2026 19:00:17Reported by VulDBType

CVE-2026-7303 in Xuxueli xxl-job allows remote resource injection via logDetailCat; upgrade to 3.4.0.

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2026-7303	28 Apr 202619:00	–	attackerkb
CNNVD	XXL-JOB 安全漏洞	28 Apr 202600:00	–	cnnvd
CVE	CVE-2026-7303	28 Apr 202619:00	–	cve
EUVD	EUVD-2026-26148	28 Apr 202619:00	–	euvd
Github Security Blog	xxl-job has a Resource Injection issue	29 Apr 202600:30	–	github
NVD	CVE-2026-7303	28 Apr 202622:16	–	nvd
OSV	GHSA-GW2X-MFWR-H46P xxl-job has a Resource Injection issue	29 Apr 202600:30	–	osv
Positive Technologies	PT-2026-35824	28 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-7303	5 Jun 202619:50	–	redhatcve
Snyk	Resource Injection	29 Apr 202616:25	–	snyk

[
  {
    "vendor": "Xuxueli",
    "product": "xxl-job",
    "versions": [
      {
        "version": "3.3.0",
        "status": "affected"
      },
      {
        "version": "3.3.1",
        "status": "affected"
      },
      {
        "version": "3.3.2",
        "status": "affected"
      },
      {
        "version": "3.4.0",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:xuxueli:xxl-job:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "Execution Log Handler"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/submit/803075
github	www.github.com/xuxueli/xxl-job/
github	www.github.com/xuxueli/xxl-job/issues/3936
github	www.github.com/xuxueli/xxl-job/commit/d24e4ccd6073cc75305e1d3b9c29bc8db7437e7a
vuldb	www.vuldb.com/vuln/359959/cti
github	www.github.com/xuxueli/xxl-job/releases/tag/v3.4.0
vuldb	www.vuldb.com/vuln/359959

28 Apr 2026 19:00Current

CVSS 22.6

CVSS 3.13.7

CVSS 33.7

CVSS 46.3

EPSS0.00418

CWE-99