
xuxueli xxl-job: Unauthenticated Server-Side Request Forgery Possible

CVE-2026-3733
Summary

An unknown function in xuxueli xxl-job versions up to 3.3.2 allows an attacker to make the server send unauthorized requests (server-side request forgery). This is a serious risk that can be exploited remotely. Update to the latest version of xuxueli xxl-job to fix this issue.

Original title
A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipula...
Original description
A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The exploit is now public and may be used. The project maintainer closed the issue report with the following statement: "Access token security verification is required." (translated from Chinese)
NVD CVSS 2.0: 6.5
NVD CVSS 3.1: 6.3
NVD CVSS 4.0: 5.3
Vulnerability type
CWE-918 Server-Side Request Forgery (SSRF)
Published: 8 Mar 2026 · Updated: 13 Mar 2026 · First seen: 8 Mar 2026