CWE-918— Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.— MITRE CWE catalog
2,678 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-918page 43 of 54
- CVE-2026-25883MEDIUMCVSS 5.8EG 5.82026-04-20
Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa webhook feature allows authenticated users to configure an arbitrary URL that receives HTTP POST requests when meeti…
- CVE-2026-25904MEDIUMCVSS 5.8EG 5.82026-02-09
The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive configuration that allows the underlying Python code to access the localhost interface of the host to perform SSRF attacks. Note - the "mcp-run-pytho…
- CVE-2026-25960CRITICALCVSS 9.8EG 9.82026-03-09
vLLM is an inference and serving engine for large language models (LLMs). The SSRF protection fix for CVE-2026-24779 add in 0.15.1 can be bypassed in the load_from_url_async method due to inconsistent URL parsing behavior between the valid…
- CVE-2026-25991HIGHCVSS 7.7EG 7.72026-02-13
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind Server-Side Request Forgery (SSRF) vulnerability in the Cookmate recipe import feature of Tandoor Recipes…
- CVE-2026-26005MEDIUMCVSS 5.0EG 5.02026-02-12
ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #45, in Clip Bucket V5, The Remote Play allows creating video entries that reference external video URLs without uploading the video files to the server. However, by …
- CVE-2026-26013LOWCVSS 3.7EG 3.72026-02-10
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.get_num_tokens_from_messages() method fetches arbitrary image_url values without validation when computing token counts for vision-e…
- CVE-2026-26019MEDIUMCVSS 4.1EG 4.12026-02-11
LangChain is a framework for building LLM-powered applications. Prior to 1.1.14, the RecursiveUrlLoader class in @langchain/community is a web crawler that recursively follows links from a starting URL. Its preventOutside option (enabled b…
- CVE-2026-26118HIGHCVSS 8.8EG 8.82026-03-10
Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.
- CVE-2026-26120MEDIUMCVSS 6.5EG 6.52026-03-19
Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network.
- CVE-2026-26121HIGHCVSS 7.5EG 7.52026-03-10
Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network.
- CVE-2026-26135CRITICALCVSS 9.6EG 9.62026-04-03
Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.
- CVE-2026-26137CRITICALCVSS 9.9EG 8.92026-03-19
Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network.
- CVE-2026-26138HIGHCVSS 8.6EG 8.62026-03-19
Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.
- CVE-2026-26139HIGHCVSS 8.6EG 8.62026-03-19
Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.
- CVE-2026-26150HIGHCVSS 8.6EG 8.62026-04-23
Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.
- CVE-2026-26379MEDIUMCVSS 6.5EG 6.52026-06-03
Koha versions up to 25.11 contain a Server-Side Request Forgery (SSRF) vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning and identify running services by analyzi…
- CVE-2026-2654MEDIUMCVSS 6.3EG 6.32026-02-18
A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-side request forgery. It is possible to …
- CVE-2026-2711MEDIUMCVSS 5.6EG 5.62026-02-19
A vulnerability has been found in zhutoutoutousan worldquant-miner up to 1.0.9. The impacted element is an unknown function of the file worldquant-miner-master/agent-dify-api/core/helper/ssrf_proxy.py of the component URL Handler. The mani…
- CVE-2026-27759NONECVSS 0.0EG 5.32026-02-27
Featured Image from Content (featured-image-from-content) WordPress plugin versions prior to 1.7 contain an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers…
- CVE-2026-28036MEDIUMCVSS 6.4EG 6.42026-03-05
Server-Side Request Forgery (SSRF) vulnerability in SkatDesign Ratatouille ratatouille allows Server Side Request Forgery.This issue affects Ratatouille: from n/a through <= 1.2.6.
- CVE-2026-28295MEDIUMCVSS 4.3EG 4.32026-02-26
A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditionally trusts this information and attem…
- CVE-2026-28385MEDIUMCVSS 5.0EG 5.02026-06-26
In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticated users with the can_create_images entitlement to interact with internal network infrastruc…
- CVE-2026-28798CRITICALCVSS 9.0EG 9.02026-04-03
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Prior to version 1.5.3, a proxy endpoint (/v1/sys/proxy) exposed by ZimaOS's web interface can be abused (via an externally reachable domain usi…
- CVE-2026-29049MEDIUMCVSS 4.3EG 4.32026-03-02
melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout (pkg/renovate/cache/cache…
- CVE-2026-29226HIGHCVSS 7.3EG 7.32026-05-19
Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
- CVE-2026-2945MEDIUMCVSS 6.3EG 6.32026-02-22
A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl can lead to server-side request forgery…
- CVE-2026-2948MEDIUMCVSS 6.4EG 6.42026-05-05
The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the import_images() function. This makes it possible for auth…
- CVE-2026-2985MEDIUMCVSS 6.3EG 6.32026-02-23
A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a manipulation of the argument …
- CVE-2026-29925HIGHCVSS 7.7EG 7.72026-03-30
Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery (SSRF) in CheckDatabaseRequest.php.
- CVE-2026-30118CRITICALCVSS 9.8EG 9.82026-05-19
scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTT…
- CVE-2026-30232CRITICALCVSS 9.6EG 9.62026-04-10
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The ser…
- CVE-2026-3026HIGHCVSS 7.3EG 7.32026-02-23
A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to se…
- CVE-2026-30404HIGHCVSS 7.5EG 7.52026-03-19
The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery (SSRF) vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download…
- CVE-2026-3048MEDIUMCVSS 5.1EG 5.12026-05-11
An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP s…
- CVE-2026-3052MEDIUMCVSS 6.3EG 6.32026-02-24
A vulnerability was found in DataLinkDC dinky up to 1.2.5. The impacted element is the function proxyUba of the file dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java of the component Flink Proxy Controller. Performi…
- CVE-2026-30810HIGHCVSS 8.8EG 8.82026-05-12
Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800
- CVE-2026-31017CRITICALCVSS 9.1EG 9.12026-04-08
A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generati…
- CVE-2026-31317HIGHCVSS 7.5EG 7.52026-04-17
Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file
- CVE-2026-3163MEDIUMCVSS 6.3EG 6.32026-02-25
A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function file_get_contents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to i…
- CVE-2026-31818CRITICALCVSS 9.6EG 9.62026-04-03
Budibase is an open-source low-code platform. Prior to version 3.33.4, a server-side request forgery (SSRF) vulnerability exists in Budibase's REST datasource connector. The platform's SSRF protection mechanism (IP blacklist) is rendered c…
- CVE-2026-3189LOWCVSS 3.1EG 3.12026-02-25
A weakness has been identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This vulnerability affects unknown code of the file /api/admin/common/files/download. Executing a manipulation of the argument url can lead to server-side requ…
- CVE-2026-31910HIGHCVSS 7.5EG 7.52026-05-19
Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
- CVE-2026-31941HIGHCVSS 7.7EG 7.72026-04-10
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall feature. The endpoint read_url_with_open_graph accepts a URL from the …
- CVE-2026-31955MEDIUMCVSS 4.9EG 4.92026-04-24
Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 4.4.1 allows users with DataSe…
- CVE-2026-31989HIGHCVSS 7.4EG 7.42026-03-19
OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in web_search citation redirect resolution that uses a private-network-allowing SSRF policy. An attacker who can influence citation redirect targets ca…
- CVE-2026-32019HIGHCVSS 7.4EG 7.42026-03-19
OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4() function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to specia…
- CVE-2026-32037MEDIUMCVSS 6.0EG 6.02026-03-19
OpenClaw versions prior to 2026.2.22 fail to consistently validate redirect chains against configured mediaAllowHosts allowlists during MSTeams media downloads. Attackers can supply or influence attachment URLs to force redirects to non-al…
- CVE-2026-32169CRITICALCVSS 10.0EG 10.02026-03-19
Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network.
- CVE-2026-32186CRITICALCVSS 10.0EG 6.52026-04-03
Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network.
- CVE-2026-32210CRITICALCVSS 9.3EG 9.32026-04-23
Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.
Map vulnerabilities like CWE-918 to your infrastructure
EchelonGraph correlates every CVE — across CWE-918 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →