CVE-2026-5736

Source
https://cve.org/CVERecord?id=CVE-2026-5736
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5736.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-5736
Aliases
Published
2026-04-07T18:45:15.491Z
Modified
2026-07-08T08:11:36.750696864Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
PowerJob detailPlus Endpoint InstanceController.java sql injection
Details

A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of the argument customQuery leads to sql injection. Remote exploitation of the attack is possible. The project was informed of the problem early through an issue report but has not responded yet.

Database specific
{
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-74",
        "CWE-89"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5736.json"
}
References

Affected packages

Git / github.com/powerjob/powerjob

Affected ranges

Type
GIT
Repo
https://github.com/powerjob/powerjob
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "5.1.0"
        },
        {
            "last_affected": "5.1.0"
        },
        {
            "introduced": "5.1.1"
        },
        {
            "last_affected": "5.1.1"
        },
        {
            "introduced": "5.1.2"
        },
        {
            "last_affected": "5.1.2"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

5.*
5.1.0
5.1.1
5.1.2
v5.*
v5.1.0-bugfix
v5.1.1
v5.1.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5736.json"