CWE-918— Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.— MITRE CWE catalog
2,678 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-918page 41 of 54
- CVE-2026-12798MEDIUMCVSS 6.3EG 6.32026-06-21
A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function load_openapi_spec_async of the file litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py of the component MCP Open…
- CVE-2026-12813MEDIUMCVSS 6.3EG 6.32026-06-22
A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. The manipulation…
- CVE-2026-1294HIGHCVSS 7.2EG 7.22026-02-05
The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This make…
- CVE-2026-12986HIGHCVSS 7.3EG 7.32026-06-24
A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full u…
- CVE-2026-12992HIGHCVSS 7.4EG 7.42026-06-25
A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a …
- CVE-2026-1313HIGHCVSS 8.3EG 8.32026-03-21
The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.20. This is due to the plugin making outbound HTTP requests to user-controlled URLs without proper validat…
- CVE-2026-13150MEDIUMCVSS 6.9EG 6.92026-06-24
Server-Side Request Forgery (SSRF) (CWE-918) in the PDF generation endpoint GET /api/reports/{id}/pdf (backend/main.py) in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or…
- CVE-2026-13233NONECVSS 0.0EG 0.02026-07-10
Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2.
- CVE-2026-13316MEDIUMCVSS 4.4EG 4.42026-06-30
A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman componen…
- CVE-2026-13318MEDIUMCVSS 6.4EG 6.42026-06-26
A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance (VMI), virt-api reads the target IP from vmi.Status.Interfaces[0].IP and pa…
- CVE-2026-1343HIGHCVSS 7.2EG 7.22026-04-08
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attac…
- CVE-2026-13540MEDIUMCVSS 6.3EG 6.32026-06-29
A security flaw has been discovered in GitBucket up to 4.46.1. This affects the function Git.cloneRepository.setURI of the file src/main/scala/gitbucket/core/service/RepositoryCreationService.scala. Performing a manipulation of the argumen…
- CVE-2026-1356MEDIUMCVSS 4.8EG 4.82026-02-12
The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.5.1 via the PassthruLoader::load_image_source function. This makes …
- CVE-2026-13603CRITICALCVSS 9.0EG 9.02026-07-01
The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's technology. The integration of Oppwa, following their official documentation, includes a step whe…
- CVE-2026-13751CRITICALCVSS 9.6EG 4.12026-06-29
Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference remote URLs that were retrieved at runtime wi…
- CVE-2026-13773CRITICALCVSS 10.0EG 6.02026-06-30
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.string_to_object() on an attacker-controlled IOR string during Java deserialization, turni…
- CVE-2026-14336HIGHCVSS 8.2EG 8.22026-07-02
PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check (issuer.startswith(' https://ci.eclipse.org ') in is_issuer_known, pia/models.py:139) instead of validating the issuer as a properly host-bounded URL. An attack…
- CVE-2026-14748MEDIUMCVSS 6.3EG 6.32026-07-05
A flaw has been found in AIAnytime Awesome-MCP-Server up to a884bb51bcd99e08e14fd712c749d55d9d9a13ab. Affected by this issue is some unknown functionality of the file mcp-wiki/src/mcp_wiki/server.py of the component mcp-wiki/wiki-summary. …
- CVE-2026-15143CRITICALCVSS 9.3EG 9.32026-07-10
A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed without proper restrictions. This can lea…
- CVE-2026-1518LOWCVSS 2.7EG 2.72026-02-02
A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.
- CVE-2026-15189MEDIUMCVSS 6.3EG 6.32026-07-09
A security vulnerability has been detected in aerostackdev aerostack-mcp up to 6315dfde7df0a15aaf743f88d91347115e09ba23. Affected by this issue is the function upload_media of the component mcp-whatsapp. Such manipulation of the argument m…
- CVE-2026-15317MEDIUMCVSS 6.3EG 6.32026-07-10
A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation resu…
- CVE-2026-15330HIGHCVSS 7.3EG 7.32026-07-10
A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function _build_image_content/_download_to_data_url of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the arg…
- CVE-2026-15378CRITICALCVSS 9.3EG 9.32026-07-10
A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string. This can lead…
- CVE-2026-15500MEDIUMCVSS 6.3EG 6.32026-07-12
A weakness has been identified in AstrBotDevs AstrBot up to 4.25.2. Affected by this vulnerability is the function get_online_plugins of the file astrbot/dashboard/routes/plugin.py of the component market_list Endpoint. Executing a manipul…
- CVE-2026-15501MEDIUMCVSS 6.3EG 6.32026-07-12
A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.test_mcp_connection of the file astrbot/dashboard/routes/tools.py of the component MCP Test Endpoint. The man…
- CVE-2026-15508MEDIUMCVSS 6.3EG 6.32026-07-12
A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function build_target_url of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Executing a manipulation of the argument e…
- CVE-2026-15525MEDIUMCVSS 6.3EG 6.32026-07-13
A vulnerability was detected in kLOsk adloop up to 0.9.0. This vulnerability affects the function _validate_urls of the file src/adloop/ads/write.py. Performing a manipulation of the argument final_url results in server-side request forger…
- CVE-2026-1648HIGHCVSS 7.2EG 7.22026-03-21
The Performance Monitor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.6. This is due to insufficient validation of the 'url' parameter in the '/wp-json/performance-monitor/v1/cu…
- CVE-2026-1857MEDIUMCVSS 4.3EG 4.32026-02-18
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the `endpoint` parameter in the `get_items(…
- CVE-2026-1884MEDIUMCVSS 4.7EG 4.72026-02-04
A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The att…
- CVE-2026-1999MEDIUMCVSS 6.5EG 6.52026-02-18
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enable_a…
- CVE-2026-20035HIGHCVSS 7.2EG 7.22026-05-06
A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HT…
- CVE-2026-20041MEDIUMCVSS 6.1EG 6.12026-04-01
A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to …
- CVE-2026-20230HIGHCVSS 8.6EG 9.0⚠ KEV2026-06-03
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forger…
- CVE-2026-20252HIGHCVSS 7.6EG 7.62026-06-10
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the "admin" …
- CVE-2026-2053CRITICALCVSS 10.0EG 8.32026-06-26
The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing heade…
- CVE-2026-20958MEDIUMCVSS 5.4EG 5.42026-01-13
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.
- CVE-2026-21433HIGHCVSS 7.7EG 7.72026-01-02
Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http[:]//emblog/admin/medi…
- CVE-2026-21512MEDIUMCVSS 6.5EG 6.52026-02-10
Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.
- CVE-2026-21859MEDIUMCVSS 5.8EG 5.82026-01-08
Mailpit is an email testing tool and API for developers. Versions 1.28.0 and below have a Server-Side Request Forgery (SSRF) vulnerability in the /proxy endpoint, allowing attackers to make requests to internal network resources. The /prox…
- CVE-2026-21885MEDIUMCVSS 6.5EG 6.52026-01-08
Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint (`GET /proxy/{encodedDigest}/{encodedURL}`) can be abused to perform Server-Side Request Forgery (SSRF). An authenticated user can cause Min…
- CVE-2026-22039CRITICALCVSS 9.9EG 9.92026-01-27
Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved `urlPath` is executed usi…
- CVE-2026-22048HIGHCVSS 7.1EG 7.12026-02-18
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID (formerly Azure AD) as an IdP are susceptible to a Server-Side Request Forgery (SSRF)…
- CVE-2026-22181HIGHCVSS 7.6EG 7.62026-03-18
OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured. When HTTP_PROXY, HTTPS_PROXY, or ALL_…
- CVE-2026-22219HIGHCVSS 7.7EG 7.72026-01-20
Chainlit versions prior to 2.9.4 contain a server-side request forgery (SSRF) vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled u…
- CVE-2026-22245HIGHCVSS 7.5EG 7.52026-01-08
Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP…
- CVE-2026-22247MEDIUMCVSS 4.1EG 4.12026-02-04
GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5.
- CVE-2026-22358MEDIUMCVSS 5.4EG 5.42026-01-22
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through <= …
- CVE-2026-22482MEDIUMCVSS 4.9EG 9.12026-01-22
Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery.This issue affects IMGspider: from n/a through <= 2.3.12.
Map vulnerabilities like CWE-918 to your infrastructure
EchelonGraph correlates every CVE — across CWE-918 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →