Description

GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. The endpoint lacks proper authentication and authorization checks, resulting in unauthorized access to job data.

PUBLISHED Reserved 2026-05-05 | Published 2026-05-12 | Updated 2026-05-13 | Assigner GitHub_M




MEDIUM: 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-284: Improper Access Control

CWE-639: Authorization Bypass Through User-Controlled Key

Product status

<= 2cc74a78dcf101c089ea209f2aaefef0674f6b55: affected

References

github.com/...gojobs/security/advisories/GHSA-x2j8-h9xc-wpgf exploit

github.com/...gojobs/security/advisories/GHSA-x2j8-h9xc-wpgf

cve.org (CVE-2026-44341)

nvd.nist.gov (CVE-2026-44341)