CVE-2026-5259

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions AutohomeCorp frostmourne versions prior to 1.1

Description A server-side request forgery condition exists in AutohomeCorp frostmourne up to version 1.0. The issue is located within an unknown function in the file frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AlarmController.java of the Alarm Preview component. This can be exploited remotely. The exploit has been publicly disclosed.

Recommendations Update to version 1.1 or later.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2026-5259

Affected Products

Frostmourne

CVE-2026-5259

Weakness Enumeration

Related Identifiers

Affected Products

References · 6