CVE-2026-5259
Received Received - Intake
Server-Side Request Forgery in AutohomeCorp Frostmourne Alarm Preview

Publication date: 2026-04-01

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the file frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AlarmController.java of the component Alarm Preview. Executing a manipulation can lead to server-side request forgery. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-01
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-01
EPSS Evaluated
2026-06-14
NVD
CVE-2026-5259
EUVD
EUVD-2026-17826
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
autohomecorp frostmourne to 1.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in AutohomeCorp frostmourne up to version 1.0, specifically in an unknown function within the Alarm Preview component's AlarmController.java file. It allows an attacker to perform server-side request forgery (SSRF) by manipulating the vulnerable function. The attack can be executed remotely and the exploit has been publicly disclosed.

Impact Analysis

The vulnerability can lead to server-side request forgery, which may allow an attacker to make unauthorized requests from the vulnerable server to internal or external systems. This can result in information disclosure, unauthorized actions, or further exploitation of internal services. The CVSS scores indicate a moderate severity, with potential impacts on confidentiality, integrity, and availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5259. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart