CVE-2026-5936

An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints (e.g., cloud metadata services), or bypass network access controls, potentially leading to sensitive information disclosure and further compromise of the internal environment.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:foxit:pdf_services_api:*:*:*:*:*:*:*:*

History

07 Jul 2026, 18:26

Type Values Removed Values Added
First Time Foxit
Foxit pdf Services Api
References () https://www.foxit.com/support/security-bulletins.html - () https://www.foxit.com/support/security-bulletins.html - Vendor Advisory
CPE cpe:2.3:a:foxit:pdf_services_api:*:*:*:*:*:*:*:*

13 Apr 2026, 07:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-04-13 07:16

Updated : 2026-07-07 18:26


NVD link : CVE-2026-5936

Mitre link : CVE-2026-5936

CVE.ORG link : CVE-2026-5936


JSON object : View

Products Affected

foxit

  • pdf_services_api
CWE
CWE-918

Server-Side Request Forgery (SSRF)