Skip to main content

D Launcher 2

1 CVEs product

Monthly

CVE-2026-8993 MEDIUM PATCH This Month

D.Launcher 2, a component of the Slovak eID client ecosystem by Ditec a.s., exposes Windows users to NTLM credential theft and SSRF attacks via improperly handled custom URL protocol registrations. An unauthenticated remote attacker who convinces a victim to open a specially crafted URL can trigger outbound NTLM authentication or SMB connections to attacker-controlled infrastructure, leaking Net-NTLMv2 hashes suitable for offline cracking or relay attacks. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

SSRF D Launcher 2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

D.Launcher 2, a component of the Slovak eID client ecosystem by Ditec a.s., exposes Windows users to NTLM credential theft and SSRF attacks via improperly handled custom URL protocol registrations. An unauthenticated remote attacker who convinces a victim to open a specially crafted URL can trigger outbound NTLM authentication or SMB connections to attacker-controlled infrastructure, leaking Net-NTLMv2 hashes suitable for offline cracking or relay attacks. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

SSRF D Launcher 2
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy