CVE-2026-5739

HIGH NVD

CVSS Score 7.3

Severity HIGH

Published Apr 07, 2026

Vendor unknown

Description

A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be executed remotely. The project was informed of the problem early through an issue report but has not responded yet.

References

https://github.com/PowerJob/PowerJob/
https://github.com/PowerJob/PowerJob/issues/1168
https://vuldb.com/submit/786936
https://vuldb.com/vuln/355747
https://vuldb.com/vuln/355747/cti