cvedb.io
CVE-2026-8993
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2026-06-02T12:16:18.647 · Last modified 2026-06-17T11:04:44.017

Summary

D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM autentication or SMB connection to attacker infrastructure and to conduct SSRF (Server Side Request Forgery) attacks. User interaction is required as potential victim needs to open a specially crafted URL.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.