PowerJob OpenAPI Endpoint addWorkflowNode GroovyEvaluator.evaluate code injection_CVE-2026-5739

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

Description

A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be executed remotely. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-5739

Source VulDB

Published Apr 7, 2026 at 19:15

Modified Apr 7, 2026 at 20:03

Affected Product

Vendor n/a

Product PowerJob

Version 5.1.0

Affected Versions n/a PowerJob 5.1.0
n/a PowerJob 5.1.1
n/a PowerJob 5.1.2

CWE Classification

CWE-94 CWE-74

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be executed remotely. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-04-07T19:15:11.183Z",
    "modified": "2026-04-07T20:03:03.560Z",
    "type": "cve",
    "title": "PowerJob OpenAPI Endpoint addWorkflowNode GroovyEvaluator.evaluate code injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/355747\nhttps://vuldb.com/vuln/355747/cti\nhttps://vuldb.com/submit/786936\nhttps://github.com/PowerJob/PowerJob/issues/1168\nhttps://github.com/PowerJob/PowerJob/",
    "id": "CVE-2026-5739",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "n/a PowerJob 5.1.0\nn/a PowerJob 5.1.1\nn/a PowerJob 5.1.2",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PowerJob",
    "version": "5.1.0",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}