CVE-2026-5936 | THREATINT

Description

An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints (e.g., cloud metadata services), or bypass network access controls, potentially leading to sensitive information disclosure and further compromise of the internal environment.

PUBLISHED Reserved 2026-04-09 | Published 2026-04-13 | Updated 2026-04-13 | Assigner Foxit

HIGH: 8.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Problem types

CWE-918 Server-Side request forgery (SSRF)

Product status

Default status

unaffected

before 2026-04-07

affected

Credits

Vedant Roy of Ultimate Kronos Group(UKG) finder

References

www.foxit.com/support/security-bulletins.html

cve.org (CVE-2026-5936)

nvd.nist.gov (CVE-2026-5936)

Download JSON