NEXTGUARD
UNKNOWNCVE-2026-5538

QingdaoU OnlineJudge judge_server_heartbeat Endpoint JudgeServer.service_url server-side request forgery

Platform

other

Component

qingdaou-onlinejudge

View on NVD

A vulnerability was detected in QingdaoU OnlineJudge up to 1.6.1. Affected by this issue is the function service_url of the file JudgeServer.service_url of the component judge_server_heartbeat Endpoint. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

How to fix

Se recomienda actualizar a una versión corregida de QingdaoU OnlineJudge que solucione la vulnerabilidad de falsificación de solicitudes del lado del servidor (SSRF) en el endpoint judge_server_heartbeat.  Contactar al proveedor para obtener información sobre las versiones corregidas y los pasos de actualización.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free