Server-Side Request Forgery in QingdaoU OnlineJudge Affects Version 1.6.1
CVE-2026-5538

5.3MEDIUM

Key Information:

Vendor

Qingdaou

Status
Onlinejudge
Vendor
CVE Published:
5 April 2026

What is CVE-2026-5538?

A server-side request forgery vulnerability has been identified in QingdaoU OnlineJudge, specifically affecting version 1.6.1 and earlier. This vulnerability resides in the function service_url within the JudgeServer.service_url component, leading to the potential for remote attackers to manipulate server requests. As a result, unauthorized actions may be executed on behalf of the server, posing significant security risks. The vendor has been informed about this issue but has yet to respond.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

OnlineJudge 1.6.0

OnlineJudge 1.6.1

References

https://vuldb.com/vuln/355291
vdb-entrytechnical-description
https://vuldb.com/vuln/355291/cti
signaturepermissions-required
https://vuldb.com/submit/782203
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ana10gy (VulDB User)
VulDB CNA Team
JSON
.