CVE-2026-4200

Name of the Vulnerable Software and Affected Versions glowxq glowxq-oj versions prior to 6f7c723090472057252040fd2bbbdaa1b5ed2393

Description A security issue exists in glowxq glowxq-oj. A manipulation of the uploadTestcaseZipUrl function in the file business/business-oj/src/main/java/com/glowxq/oj/problem/controller/ProblemCaseController.java can lead to server-side request forgery. This attack can be initiated remotely. The exploit is publicly available. The product uses continuous delivery with rolling releases, and no specific version details for affected or updated releases are available. The vendor was contacted regarding this issue but did not respond.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.