CVE•Published 2026-04-28•Modified 2026-04-29•0 articles on news•5 live references•NVD data

CVE-2026-7303

Vulnerability data via NVD (ingested)

CVSS v3.1

3.7

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS percentile

—

Weaknesses (CWE)

CWE-99Improper Control of Resource Identifiers ('Resource Injection')

Description

A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improper control of resource identifiers. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is considered difficult. The exploit has been released to the public and may be used for attacks. Upgrading to version 3.4.0 is recommended to address this issue. The patch is identified as d24e4ccd6073cc75305e1d3b9c29bc8db7437e7a. It is suggested to upgrade the affected component.

Timeline

Published 2026-04-28

Modified 2026-04-29

External references

NVD MITRE Exploit-DB Sploitus VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2026-7303

Hosts Shodan has explicitly fingerprinted as vulnerable.

More intel sources (5)

Shodan report

vuln:CVE-2026-7303

Country / ASN / product breakdown for the vuln query.

Censys

vulnerabilities.cve_id: CVE-2026-7303

Censys host search filtered to this CVE id.

grep.app

CVE-2026-7303