CVE-2026-4200 | glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393 ProblemCaseController.java uploadTestcaseZipUrl server-side request forgery

A vulnerability was found in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. It has been classified as critical. This affects the function uploadTestcaseZipUrl of the file business/business-oj/src/main/java/com/glowxq/oj/problem/controller/ProblemCaseController.java. Performing a manipulation results in server-side request forgery.

This vulnerability is identified as CVE-2026-4200. The attack can be initiated remotely. Additionally, an exploit exists.

Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4200 | glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393 ProblemCaseController.java uploadTestcaseZipUrl server-side request forgery

Post correlati

CVE-2024-8180 | GitLab Community Edition/Enterprise Edition up to 17.3.6/17.4.3/17.5.1 cross site scripting (Issue 480720)

CVE-2024-35324 | Douchat 4.0.5 preview.php unrestricted upload

CVE-2024-24254 | PX4 Autopilot up to 1.14 Geofence Data geofence.cpp mission_feasibility_checker.cpp race condition

CVE-2023-48886 | NettyRpc 1.2 RPC Request deserialization (Issue 53)