CVE-2026-5739

HIGH 7.3

PowerJob OpenAPI Endpoint addWorkflowNode GroovyEvaluator.evaluate code injection

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

0th

A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be executed remotely. The project was informed of the problem early through an issue report but has not responded yet.

CWE	CWE-94 CWE-74
Vendor	n/a
Product	powerjob
Published	Apr 7, 2026
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for n/a powerjob

Be the first to know when new high vulnerabilities affecting n/a powerjob are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

n/a / PowerJob

5.1.0 5.1.1 5.1.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/355747 vuldb.com: https://vuldb.com/vuln/355747/cti vuldb.com: https://vuldb.com/submit/786936 github.com: https://github.com/PowerJob/PowerJob/issues/1168 github.com: https://github.com/PowerJob/PowerJob/

Credits

🔍 anch0r (VulDB User) VulDB CNA Team