CVE-2026-8993
Improper URL Handler Processing in D.Launcher 2
Publication date: 2026-06-02
Last updated on: 2026-06-02
Assigner: National Cyber Security Centre SK-CERT
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ditec | dlauncher | 2.0.7.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not explicitly address how the vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the D.Launcher 2 application registering multiple custom URL handlers that can be exploited to initiate NTLM authentication or SMB connections to attacker infrastructure when a specially crafted URL is opened by a user.
Detection on your system or network could involve monitoring for unusual or unauthorized network traffic related to NTLM authentication or SMB connections initiated by the D.Launcher 2 application.
Since user interaction is required to trigger the vulnerability, commands to check for the presence and version of D.Launcher 2 on your system can help identify if you are at risk.
- On Windows, use PowerShell to check installed software: `Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object { $_.DisplayName -like '*D.Launcher*' }`
- On macOS or Linux, check for the presence of D.Launcher 2 binaries or processes using commands like `ps aux | grep dlauncher` or `locate dlauncher`
Network monitoring tools can be configured to detect outbound NTLM or SMB traffic that originates unexpectedly, which may indicate exploitation attempts.
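The host-side check described above can be extended to the URL handlers themselves. The following PowerShell is an added example, not code from the vendor or from this advisory; it assumes the handlers use the standard Windows custom URL protocol registration under `Software\Classes`, and it takes the two scheme names from the mitigation text on this page.

```powershell
# Added example (not vendor code): audit a Windows host for the D.Launcher 2
# URL handlers named in this advisory and report the installed version.
$schemes    = 'ditec-dlauncher2', 'ditec-dlauncher2f'   # scheme names from the advisory
$classRoots = 'HKLM:\Software\Classes', 'HKCU:\Software\Classes'

# A custom URL scheme is a class key carrying a "URL Protocol" value; the
# program it launches is the default value of shell\open\command.
$handlers = foreach ($root in $classRoots) {
    foreach ($scheme in $schemes) {
        $key = Join-Path $root $scheme
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $cmdKey  = Join-Path $key 'shell\open\command'
        $command = if (Test-Path -LiteralPath $cmdKey) {
            (Get-Item -LiteralPath $cmdKey).GetValue('')
        }
        [pscustomobject]@{
            Scheme       = $scheme
            Hive         = $root
            IsUrlHandler = (Get-Item -LiteralPath $key).GetValueNames() -contains 'URL Protocol'
            Command      = $command
        }
    }
}

# Uninstall entries live in three places: 64-bit, 32-bit (WOW6432Node), per-user.
$uninstall = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installed = Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*D.Launcher*' } |
    Select-Object DisplayName, DisplayVersion, InstallLocation

$installed | Format-Table -AutoSize
$handlers  | Format-Table -AutoSize -Wrap

# The advisory says the update unregisters ditec-dlauncher2f, so a surviving
# registration suggests the host has not been updated.
if ($handlers | Where-Object { $_.Scheme -eq 'ditec-dlauncher2f' -and $_.IsUrlHandler }) {
    Write-Warning 'ditec-dlauncher2f:// is still registered as a URL handler on this host.'
}
```

Compare the reported `DisplayVersion` against the vendor's fixed release rather than relying on the handler check alone.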
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the D.Launcher 2 application to version 2.0.7.0 or later, which contains critical fixes addressing this vulnerability.
The update removes support for the NTLM and SPNEGO authentication protocols, unregisters the vulnerable custom URI schemes "ditec-dlauncher2f://", and disables internet access for the "ditec-dlauncher2://" URI scheme, thereby mitigating the risk.
Until the update can be applied, avoid opening any unsolicited or suspicious URLs that may trigger the vulnerable URL handlers.
Can you explain this vulnerability to me?
The vulnerability exists in the D.Launcher 2 component of the Slovak eID client ecosystem. It involves improper processing of custom URL handlers registered by the application. An attacker can exploit this by crafting special URLs that, when opened by a user, can trigger full NTLM authentication or SMB connections to the attacker's infrastructure. This can also enable Server-Side Request Forgery (SSRF) attacks. User interaction is necessary, as the victim must open the malicious URL for the attack to succeed.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive information through forced NTLM authentication or SMB connections to an attacker-controlled server. It may allow attackers to gather authentication credentials or perform SSRF attacks, potentially accessing internal resources or services. Since user interaction is required, the risk depends on users opening malicious URLs.