CVE-2026-5736

HIGH NVD

CVSS Score 7.3

Severity HIGH

Published Apr 07, 2026

Vendor unknown

Description

A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of the argument customQuery leads to sql injection. Remote exploitation of the attack is possible. The project was informed of the problem early through an issue report but has not responded yet.

References

https://github.com/PowerJob/PowerJob/
https://github.com/PowerJob/PowerJob/issues/1167
https://github.com/PowerJob/PowerJob/pull/1166
https://vuldb.com/submit/786727
https://vuldb.com/vuln/355746