CVE-2026-5739
Published: 07 April 2026
Summary
CVE-2026-5739 is a high-severity Injection (CWE-74) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents code injection by validating and sanitizing the nodeParams argument to the GroovyEvaluator.evaluate function in the vulnerable OpenAPI endpoint.
Requires identification, reporting, and timely patching of the code injection flaw in PowerJob versions 5.1.0-5.1.2.
Enforces authentication and authorization on the /openApi/addWorkflowNode endpoint to block unauthenticated remote exploitation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote code injection in public-facing OpenAPI endpoint (/openApi/addWorkflowNode) via GroovyEvaluator allows unauthenticated arbitrary code execution, directly enabling T1190 (Exploit Public-Facing Application) and T1059 (Command and Scripting Interpreter) for code execution.
NVD Description
A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be executed…
more
remotely. The project was informed of the problem early through an issue report but has not responded yet.
Deeper analysisAI
CVE-2026-5739 is a code injection vulnerability affecting PowerJob versions 5.1.0, 5.1.1, and 5.1.2. The flaw resides in the GroovyEvaluator.evaluate function within the /openApi/addWorkflowNode endpoint of the OpenAPI component, where manipulation of the nodeParams argument enables arbitrary code execution. This issue is classified under CWE-74 (Improper Neutralization of Special Elements used in an SQL Command) and CWE-94 (Improper Control of Generation of Code), with a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and lack of prerequisites.
The vulnerability can be exploited remotely by unauthenticated attackers with no privileges or user interaction required. By crafting malicious nodeParams input to the affected endpoint, an attacker can inject and execute arbitrary code on the server, potentially leading to limited impacts on confidentiality, integrity, and availability, such as data leakage, modification of application state, or denial of service.
Advisories from VulDB and the project's GitHub repository detail the issue, with an early report submitted via GitHub issue #1168. However, the PowerJob maintainers have not yet responded or issued patches, leaving affected systems without official mitigations. Security practitioners should monitor the repository at https://github.com/PowerJob/PowerJob/ and issue tracker for updates, while considering workarounds like restricting access to the OpenAPI endpoint or input validation on nodeParams.
Details
- CWE(s)