CVE-2026-5563

Name of the Vulnerable Software and Affected Versions AutohomeCorp frostmourne versions up to 1.0

Description A security flaw exists in AutohomeCorp frostmourne up to version 1.0. The httpTest function within the Alarm Preview component, accessible via the file /api/monitor-api/alarm/previewData, is susceptible to SQL injection. This attack can be initiated remotely. The exploit for this issue has been publicly released.

Recommendations Versions prior to 1.0 should be updated. As a temporary workaround, consider restricting access to the /api/monitor-api/alarm/previewData endpoint until a patch is available.