An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints (e.g., cloud metadata services), or bypass network access controls, potentially leading to sensitive information disclosure and further compromise of the internal environment.
References
| Link | Resource |
|---|---|
| https://www.foxit.com/support/security-bulletins.html | Vendor Advisory |
Configurations
History
07 Jul 2026, 18:26
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Foxit
Foxit pdf Services Api |
|
| References | () https://www.foxit.com/support/security-bulletins.html - Vendor Advisory | |
| CPE | cpe:2.3:a:foxit:pdf_services_api:*:*:*:*:*:*:*:* |
13 Apr 2026, 07:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-13 07:16
Updated : 2026-07-07 18:26
NVD link : CVE-2026-5936
Mitre link : CVE-2026-5936
CVE.ORG link : CVE-2026-5936
JSON object : View
Products Affected
foxit
- pdf_services_api
CWE
CWE-918
Server-Side Request Forgery (SSRF)
