{"id":79191,"date":"2026-06-02T15:46:18","date_gmt":"2026-06-02T12:16:18","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-8993-improper-url-handler-processing-in-d-launcher-2-enables-ntlm-credential-disclosure-and-ssrf-attacks\/"},"modified":"2026-06-02T15:46:18","modified_gmt":"2026-06-02T12:16:18","slug":"cve-2026-8993-improper-url-handler-processing-in-d-launcher-2-enables-ntlm-credential-disclosure-and-ssrf-attacks","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-8993-improper-url-handler-processing-in-d-launcher-2-enables-ntlm-credential-disclosure-and-ssrf-attacks\/","title":{"rendered":"CVE-2026-8993 &#8211; Improper URL Handler Processing in D.Launcher 2 enables NTLM Credential Disclosure and SSRF attacks"},"content":{"rendered":"<p>CVE ID :CVE-2026-8993<\/p>\n<p>  Published : June 2, 2026, 12:16 p.m. | 16\u00a0minutes ago<\/p>\n<p>  Description :D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM autentication or SMB connection to attacker infrastructure and to conduct SSRF (Server Side Request Forgery) attacks. User interaction is required as potential victim needs to open a specially crafted URL.<\/p>\n<p>  Severity: 6.5 | MEDIUM<\/p>\n<p>  Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID :CVE-2026-8993 Published : June 2, 2026, 12:16 p.m. | 16\u00a0minutes ago Description :D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM autentication or SMB connection to attacker infrastructure and to conduct SSRF (Server Side &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-79191","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/79191","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=79191"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/79191\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=79191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=79191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=79191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}