CVE-2026-8993
Deferred Deferred - Pending Action
Improper URL Handler Processing in D.Launcher 2

Publication date: 2026-06-02

Last updated on: 2026-06-02

Assigner: National Cyber Security Centre SK-CERT

Description
D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM autentication or SMB connection to attacker infrastructure and to conduct SSRF (Server Side Request Forgery) attacks. User interaction is required as potential victim needs to open a specially crafted URL.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-02
Last Modified
2026-06-02
Generated
2026-06-22
AI Q&A
2026-06-02
EPSS Evaluated
2026-06-21
NVD
CVE-2026-8993
EUVD
EUVD-2026-33913
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ditec dlauncher 2.0.7.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in the D.Launcher 2 component of the Slovak eID client ecosystem. It involves improper processing of custom URL handlers registered by the application. An attacker can exploit this by crafting special URLs that, when opened by a user, can trigger full NTLM authentication or SMB connections to the attacker's infrastructure. This can also enable Server Side Request Forgery (SSRF) attacks. User interaction is necessary, as the victim must open the malicious URL for the attack to succeed.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive information through forced NTLM authentication or SMB connections to an attacker-controlled server. It may allow attackers to gather authentication credentials or perform SSRF attacks, potentially accessing internal resources or services. Since user interaction is required, the risk depends on users opening malicious URLs.

Compliance Impact

The provided information does not explicitly address how the vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability involves the D.Launcher 2 application registering multiple custom URL handlers that can be exploited to initiate NTLM authentication or SMB connections to attacker infrastructure when a specially crafted URL is opened by a user.

Detection on your system or network could involve monitoring for unusual or unauthorized network traffic related to NTLM authentication or SMB connections initiated by the D.Launcher 2 application.

Since user interaction is required to trigger the vulnerability, commands to check for the presence and version of D.Launcher 2 on your system can help identify if you are at risk.

  • On Windows, use PowerShell to check installed software: Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object { $_.DisplayName -like '*D.Launcher*' }
  • On macOS or Linux, check for the presence of D.Launcher 2 binaries or processes using commands like: ps aux | grep dlauncher or locate dlauncher

Network monitoring tools can be configured to detect outbound NTLM or SMB traffic that originates unexpectedly, which may indicate exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include updating the D.Launcher 2 application to version 2.0.7.0 or later, which contains critical fixes addressing this vulnerability.

The update removes support for NTLM and SPNEGO authentication protocols, unregisters the vulnerable custom URI schemes "ditec-dlauncher2f://" and disables internet access for the "ditec-dlauncher2://" URI scheme, thereby mitigating the risk.

Until the update can be applied, avoid opening any unsolicited or suspicious URLs that may trigger the vulnerable URL handlers.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8993. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart