CVE-2026-5538 | QingdaoU OnlineJudge up to 1.6.1 judge_server_heartbeat Endpoint JudgeServer.service_url server-side request forgery

Inserito da Angelo Barbosa | Apr 4, 2026 | CVE

A vulnerability described as critical has been identified in QingdaoU OnlineJudge up to 1.6.1. Affected by this issue is the function service_url of the file JudgeServer.service_url of the component judge_server_heartbeat Endpoint. The manipulation results in server-side request forgery.

This vulnerability is known as CVE-2026-5538. It is possible to launch the attack remotely. No exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5538 | QingdaoU OnlineJudge up to 1.6.1 judge_server_heartbeat Endpoint JudgeServer.service_url server-side request forgery

Post correlati

CVE-2024-47780 | TYPO3 up to 10.4.45/11.5.39/12.4.20/13.3.0 authorization (GHSA-rf5m-h8q9-9w6q)

CVE-2023-7226 | meetyoucrop big-whale 1.1 Admin Module /auth/user/all.api id improper ownership management (I6N31K)

CVE-2024-22353 | IBM WebSphere Application Server Liberty up to 24.0.0.3 Request resource consumption (XFDB-280400)

CVE-2024-2075 | SourceCodester Daily Habit Tracker 1.0 update-tracker.php day cross site scripting