CVE-2026-5538 | QingdaoU OnlineJudge up to 1.6.1 judge_server_heartbeat Endpoint JudgeServer.service_url server-side request forgery

Inserito da Angelo Barbosa | Apr 4, 2026 | CVE

A vulnerability described as critical has been identified in QingdaoU OnlineJudge up to 1.6.1. Affected by this issue is the function service_url of the file JudgeServer.service_url of the component judge_server_heartbeat Endpoint. The manipulation results in server-side request forgery.

This vulnerability is known as CVE-2026-5538. It is possible to launch the attack remotely. No exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5538 | QingdaoU OnlineJudge up to 1.6.1 judge_server_heartbeat Endpoint JudgeServer.service_url server-side request forgery

Post correlati

CVE-2023-24052 | Connectize AC21000 G6 641.139.1.1256 password recovery

CVE-2024-30922 | jeffpiazza DerbyNet 9.0 print/render/award.inc sql injection

CVE-2025-47600 | xtemos WoodMart Plugin up to 8.3.7 on WordPress cross site scripting

CVE-2026-28889 | Apple Xcode up to 26.3 App permission