EUVD-2026-17826CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the file frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AlarmController.java of the component Alarm Preview. Executing a manipulation can lead to server-side request forgery. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
Analysis
Server-side request forgery in AutohomeCorp frostmourne up to version 1.0 allows authenticated remote attackers to manipulate the Alarm Preview component via an unknown function in AlarmController.java, enabling arbitrary HTTP requests from the vulnerable server with potential to access internal resources, leak sensitive data, or interact with backend systems. Publicly available exploit code exists; CVSS 6.3 reflects moderate severity with low attack complexity and limited impact scope.
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today