CVE-2026-26719
Received Received - Intake

Cross Site Scripting in xxl-job-admin

Vulnerability report for CVE-2026-26719, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-15

Last updated on: 2026-07-15

Assigner: MITRE

Description

Cross Site Scripting vulnerability in xxl-job-admin v.3.0.0 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request containing a malicious script

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-15
Last Modified
2026-07-15
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
xxl-job xxl-job-admin 3.0.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This is a Cross Site Scripting (XSS) vulnerability in the xxl-job-admin component version 3.0.0. It allows a remote attacker to execute arbitrary code by sending a specially crafted HTTP GET request that includes a malicious script.

Impact Analysis

An attacker could exploit this to run malicious scripts in the context of the vulnerable application. This may lead to theft of session cookies, defacement of web pages, or unauthorized actions performed on behalf of legitimate users.

Compliance Impact

This vulnerability could lead to unauthorized access to sensitive data, violating confidentiality requirements in GDPR and HIPAA. Organizations may face compliance breaches, legal penalties, and reputational damage if exploited.

Mitigation Strategies

Immediately upgrade xxl-job-admin to a version that patches this vulnerability. If upgrading is not possible, disable the vulnerable component or restrict access to the xxl-job-admin interface via network controls.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26719. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart