PT-2026-30409 · Qingdaou · Onlinejudge
Ana10Gy
·
Published
2026-04-05
·
Updated
2026-04-05
·
CVE-2026-5538
CVSS v3.1
6.3
Medium
| AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
A vulnerability was detected in QingdaoU OnlineJudge up to 1.6.1. Affected by this issue is the function service url of the file JudgeServer.service url of the component judge server heartbeat Endpoint. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Onlinejudge