CVE-2026-5538: QingdaoU OnlineJudge SSRF - v1.6.0-1.6.1
Platform
other
Component
qingdaou-onlinejudge
CVE-2026-5538 is a server-side request forgery (SSRF) vulnerability identified in QingdaoU OnlineJudge versions 1.6.0 through 1.6.1. This flaw allows an attacker to manipulate the `service_url` function within the `JudgeServer.service_url` endpoint, potentially leading to unauthorized access to internal network resources. The vendor has not responded to early disclosure attempts, and no official patch is currently available.
How to fix
No official patch available. Check for workarounds or monitor for updates.
Frequently asked questions
What is CVE-2026-5538?
CVE-2026-5538 is a server-side request forgery (SSRF) vulnerability affecting QingdaoU OnlineJudge versions 1.6.0 and 1.6.1. It allows attackers to make requests on behalf of the server, potentially accessing sensitive internal resources.
Am I affected by CVE-2026-5538?
You are potentially affected if you are running QingdaoU OnlineJudge version 1.6.0 or 1.6.1. If you are using a different version, or are not using QingdaoU OnlineJudge, you are not directly affected.
How can I fix or mitigate CVE-2026-5538?
Currently, no official patch is available from the vendor. Mitigation strategies include restricting network access for the OnlineJudge server, implementing strict input validation on the `service_url` parameter, and using a web application firewall (WAF) to filter malicious requests.
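One way to implement the strict `service_url` validation mentioned above, as an added example (not QingdaoU OnlineJudge code and not a vendor fix). The allowlisted host names, the function name `validate_service_url` and the injectable resolver are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical allowlist of judge-server hosts; a real deployment loads this from settings.
ALLOWED_JUDGE_HOSTS = {"judge-1.internal.example", "judge-2.internal.example"}


def _resolve(host):
    """Return every IP address the host name resolves to."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def _is_forbidden(ip_text):
    ip = ipaddress.ip_address(ip_text)
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so it cannot slip past the checks.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # Loopback and link-local cover localhost services and cloud metadata endpoints.
    return (ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_unspecified or ip.is_reserved)


def validate_service_url(url, allowed_hosts=ALLOWED_JUDGE_HOSTS, resolve=_resolve):
    """Return (ok, reason) for a submitted service_url value."""
    try:
        parts = urlsplit(url)
        parts.port  # property access raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"
    host = (parts.hostname or "").lower().rstrip(".")
    if host not in allowed_hosts:
        return False, "host not on allowlist"
    try:
        addresses = resolve(host)
    except OSError:
        return False, "host does not resolve"
    if not addresses or any(_is_forbidden(a) for a in addresses):
        return False, "resolves to forbidden address"
    return True, "ok"
```

Validation alone leaves a DNS-rebinding window, so the outbound request should connect to the address that was validated, and redirects should be disabled or re-validated.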