CVE-2026-8993

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N                                    

Vulnerability Description

D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM autentication or SMB connection to attacker infrastructure and to conduct SSRF (Server Side Request Forgery) attacks. User interaction is required as potential victim needs to open a specially crafted URL.

Vulnerability Details

Published Date

June 02, 2026

Last Modified

June 02, 2026

CWE ID

CWE-74

Source

NVD

External References

https://ditec.sk/static/kep/apps/release-notes/en
https://www.slovensko.sk/sk/oznamy/detail/_zranitelnost-aplikacie-d-launc

CVE-2026-8993

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment