CVE-2026-5739

Source
https://cve.org/CVERecord?id=CVE-2026-5739
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5739.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-5739
Aliases
Published
2026-04-07T19:15:11.183Z
Modified
2026-07-15T01:49:13.820532685Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X CVSS Calculator
Summary
PowerJob OpenAPI Endpoint addWorkflowNode GroovyEvaluator.evaluate code injection
Details

A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be executed remotely. The project was informed of the problem early through an issue report but has not responded yet.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5739.json",
    "cwe_ids": [
        "CWE-74",
        "CWE-94"
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/powerjob/powerjob

Affected ranges

Type
GIT
Repo
https://github.com/powerjob/powerjob
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "5.1.0"
        },
        {
            "last_affected": "5.1.0"
        },
        {
            "introduced": "5.1.1"
        },
        {
            "last_affected": "5.1.1"
        },
        {
            "introduced": "5.1.2"
        },
        {
            "last_affected": "5.1.2"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

5.*
5.1.0
5.1.1
5.1.2
v5.*
v5.1.0-bugfix
v5.1.1
v5.1.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5739.json"