Code Injection Vulnerability in PowerJob by PowerJob
CVE-2026-5739

6.9 MEDIUM

Key Information:

Vendor: PowerJob

Status
Vendor
CVE Published: 7 April 2026

What is CVE-2026-5739?

A security flaw exists in PowerJob versions 5.1.0 to 5.1.2, in the GroovyEvaluator.evaluate function reached through the OpenAPI endpoint /openApi/addWorkflowNode. The nodeParams argument is improperly handled, which allows an attacker to inject arbitrary code. The vulnerability can be exploited remotely. The project has been made aware of the issue, but there has been no official response or patch yet.

Affected Version(s)

PowerJob 5.1.0

PowerJob 5.1.1

PowerJob 5.1.2

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

anch0r (VulDB User)
VulDB CNA Team