Powerjob CVE-2026-5739

Q: What is the CVSS score of CVE-2026-5739?

CVE-2026-5739 has a CVSS 4.0 base score of 6.9 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-19896 MEDIUM

Code Injection (CWE-94)

2026-04-07 VulDB

GHSA-wpwf-v25w-54g3

Code Injection RCE Powerjob

6.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

6.9 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

EUVD ID Assigned

Apr 07, 2026 - 20:16 euvd

EUVD-2026-19896

Analysis Generated

Apr 07, 2026 - 20:16 vuln.today

CVE Published

Apr 07, 2026 - 19:15 nvd

MEDIUM 6.9

DescriptionCVE.org

A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be executed remotely. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Remote code injection in PowerJob 5.1.0, 5.1.1, and 5.1.2 allows unauthenticated attackers to execute arbitrary code via the GroovyEvaluator.evaluate function in the OpenAPI endpoint /openApi/addWorkflowNode by manipulating the nodeParams argument. The vulnerability exploits unsafe Groovy code evaluation without input sanitization, enabling full remote code execution with a low CVSS complexity score (6.9/10). …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	This vulnerability presents substantial real-world risk despite a moderate CVSS v4.0 score of 6.9. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker discovers a PowerJob instance running version 5.1.0-5.1.2 exposed on a public IP or internal network. The attacker crafts an HTTP POST request to /openApi/addWorkflowNode with a malicious Groovy expression embedded in the nodeParams argument, such as code that instantiates a ProcessBuilder to execute shell commands. …
Remediation	No vendor-released patch identified at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-5739 vulnerability details – vuln.today

Back