CWE-918— Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.— MITRE CWE catalog
2,689 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-918page 52 of 54
- CVE-2026-55187MEDIUMCVSS 5.8EG 5.82026-06-19
Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shipped for CVE-2026-27808 is incomplete because the tools.IsInternalIP deny-list in internal/tools/net.go relies on Go's standard library classifica…
- CVE-2026-55229HIGHCVSS 7.5EG 7.52026-06-18
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /forms/libreoffice/convert endpoint allows a specially crafted document to cause LibreOffice to automatically retrieve external HTTP(S) resources and l…
- CVE-2026-5530MEDIUMCVSS 6.3EG 6.32026-04-05
A flaw has been found in Ollama up to 0.18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be la…
- CVE-2026-5538MEDIUMCVSS 6.3EG 6.32026-04-05
A vulnerability was detected in QingdaoU OnlineJudge up to 1.6.1. Affected by this issue is the function service_url of the file JudgeServer.service_url of the component judge_server_heartbeat Endpoint. The manipulation results in server-s…
- CVE-2026-55412HIGHCVSS 8.3EG 8.32026-06-25
ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes H…
- CVE-2026-55455CRITICALCVSS 9.1EG 9.12026-06-24
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filter applied by WebClientUtils (used by the REST API and GraphQL datasource plugins) validates hosts against an exact-matc…
- CVE-2026-55599MEDIUMCVSS 5.8EG 5.82026-06-22
phpseclib is a PHP secure communications library. From 0.1.1 until 1.0.30, 2.0.55, and 3.0.54, when an application validates an untrusted X.509 certificate with phpseclib, X509::validateSignature() reads a URL out of that certificate's Aut…
- CVE-2026-55641HIGHCVSS 8.2EG 8.22026-07-10
9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass …
- CVE-2026-55671LOWCVSS 2.3EG 2.32026-06-18
ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL's HTTP notification channels, OIDC BackChannel Logout, and SAML metadata URL fetches do not consistently validate user-defined URLs against pro…
- CVE-2026-55791MEDIUMCVSS 6.9EG 6.92026-06-19
Craft CMS is a content management system (CMS). Versions 4.0.0-RC1 and above, prior to 4.18.0 and 5.0.0-RC1, and above, prior to 5.10.0, are vulnerable to Server-Side Request Forgery (SSRF) and Arbitrary JavaScript Injection through the /a…
- CVE-2026-55807LOWCVSS 3.1EG 3.12026-07-10
Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.…
- CVE-2026-55993HIGHCVSS 7.5EG 7.52026-07-06
Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel in Atmosphere Websocket Component. The camel-atmosphere-websocket consumer mapped inbo…
- CVE-2026-55994HIGHCVSS 7.5EG 7.52026-07-06
Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy mes…
- CVE-2026-56026MEDIUMCVSS 6.4EG 6.42026-06-26
Subscriber Server Side Request Forgery (SSRF) in utm.codes <= 1.9.0 versions.
- CVE-2026-5607MEDIUMCVSS 6.3EG 6.32026-04-06
A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler. The manipulation of the argument requ…
- CVE-2026-5618MEDIUMCVSS 5.6EG 5.62026-04-06
A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake/shareCheck. Performing a manipulation of the argument siteFrom/siteTo results in server-side request forgery. The atta…
- CVE-2026-56227MEDIUMCVSS 5.4EG 5.42026-06-20
Capgo before 12.128.2 contains a server-side request forgery vulnerability in webhook URL validation that allows loopback and internal addresses. Organization admins can configure webhooks pointing to localhost or 127.0.0.1, and when trigg…
- CVE-2026-5623MEDIUMCVSS 6.3EG 6.32026-04-06
A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affects an unknown part of the file server/front/src/index.ts of the component Import Endpoint. Such manipulation leads to server-side request forgery. The attack …
- CVE-2026-56261HIGHCVSS 7.5EG 8.62026-07-10
Crawl4AI before 0.8.7 contains a server-side request forgery (SSRF) vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs p…
- CVE-2026-56266HIGHCVSS 8.6EG 8.62026-06-16
Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-…
- CVE-2026-56275HIGHCVSS 7.1EG 7.12026-06-23
Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP …
- CVE-2026-56285HIGHCVSS 8.6EG 8.62026-06-29
Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, allowing unauthenticated attackers to compute valid HMACs for arbitrary URLs. Attackers can retrieve HTTP r…
- CVE-2026-5633HIGHCVSS 7.3EG 7.32026-04-06
A vulnerability was determined in assafelovic gpt-researcher up to 3.4.3. Affected is an unknown function of the component ws Endpoint. Executing a manipulation of the argument source_urls can lead to server-side request forgery. It is pos…
- CVE-2026-56342MEDIUMCVSS 6.8EG 6.82026-06-20
AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenticated administrators to read arbitrary URLs via the statsURL parameter, which lacks isSSRFSafeURL() validation and…
- CVE-2026-56348CRITICALCVSS 9.9EG 9.92026-05-19
n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authenticated users to bypass Allowed HTTP Request Domains restrictions. Attackers with credential ac…
- CVE-2026-56399MEDIUMCVSS 5.0EG 5.02026-07-01
Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location r…
- CVE-2026-56663HIGHCVSS 8.5EG 8.52026-06-26
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF / private-IP protections in SendWebRequestBlock and reach…
- CVE-2026-56676HIGHCVSS 7.4EG 7.42026-07-10
9Router is an AI router & token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host before fetching, but open-sse/translator/concerns/image.js performs the later server-side image fetch with a separate DNS resolution.…
- CVE-2026-56769HIGHCVSS 8.5EG 8.52026-06-25
Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arbitrary server requests. Attackers can ex…
- CVE-2026-56771HIGHCVSS 8.5EG 8.52026-06-25
NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the add_url endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. A…
- CVE-2026-56779MEDIUMCVSS 6.4EG 6.42026-06-25
MaxKB before 2.10.0 contains a server-side request forgery vulnerability in tool creation and update endpoints that allows authenticated users to make arbitrary server requests by supplying unvalidated downloadCallbackUrl and download_url …
- CVE-2026-57100CRITICALCVSS 9.9EG 9.92026-07-02
Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.
- CVE-2026-57211CRITICALCVSS 10.0EG 6.52026-07-10
RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbit_mgmt_wm_static can pass URL-encoded backslashes to erl_prim_loader:read_file_info before path val…
- CVE-2026-57303HIGHCVSS 7.1EG 7.12026-06-24
Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins …
- CVE-2026-57348HIGHCVSS 7.2EG 7.22026-07-02
Unauthenticated Server Side Request Forgery (SSRF) in Paid Member Subscriptions <= 3.0.4 versions.
- CVE-2026-5737MEDIUMCVSS 6.5EG 6.52026-05-28
The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled refer…
- CVE-2026-57372HIGHCVSS 7.2EG 7.22026-07-13
Server-Side Request Forgery (SSRF) vulnerability in denishua WPJAM Basic wpjam-basic allows Server Side Request Forgery.This issue affects WPJAM Basic: from n/a through <= 7.0.
- CVE-2026-57407HIGHCVSS 7.2EG 7.22026-07-13
Server-Side Request Forgery (SSRF) vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Server Side Request Forgery.This issue affects PDF Generator for WordPress: from n/a through <= 1.6.2.
- CVE-2026-57413MEDIUMCVSS 6.4EG 6.42026-07-13
Server-Side Request Forgery (SSRF) vulnerability in bdthemes Instant Image Generator ai-image allows Server Side Request Forgery.This issue affects Instant Image Generator: from n/a through <= 2.1.4.
- CVE-2026-57573HIGHCVSS 8.6EG 8.62026-07-06
Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server applied its SSRF destination check on the non-streaming /crawl path but not on the streaming path. handle_stream_crawl_request passed se…
- CVE-2026-57575MEDIUMCVSS 6.9EG 6.92026-07-10
Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a Server-Side Request Forgery (SSRF) vulnerability in URL preview functionality in UrlPreviewService. Due to missing network restrictions befor…
- CVE-2026-57627MEDIUMCVSS 4.9EG 4.92026-06-26
Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions.
- CVE-2026-57681MEDIUMCVSS 6.4EG 6.42026-07-02
Subscriber Server Side Request Forgery (SSRF) in GeoDirectory <= 2.8.161 versions.
- CVE-2026-5773HIGHCVSS 7.5EG 7.52026-05-13
libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection …
- CVE-2026-57940LOWCVSS 2.1EG 2.12026-06-26
HTMLy 3.1.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the RSS feed import functionality. The function get_feed() in system/admin/admin.php passes user-supplied $feed_url directly to file_get_contents() without any vali…
- CVE-2026-57947HIGHCVSS 8.5EG 8.52026-06-29
Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to register internal URLs due to missing SSRF protection. Attackers can trigger alarm threshol…
- CVE-2026-57987MEDIUMCVSS 6.5EG 6.52026-07-03
Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
- CVE-2026-57993HIGHCVSS 7.4EG 7.42026-07-03
Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
- CVE-2026-5803MEDIUMCVSS 6.3EG 6.32026-04-08
A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f3893468f53b2797c. The affected element is an unknown function of the file server.js of the component API Proxy Endpoint. Performing a manipulati…
- CVE-2026-58278MEDIUMCVSS 5.4EG 5.42026-07-03
Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Map vulnerabilities like CWE-918 to your infrastructure
EchelonGraph correlates every CVE — across CWE-918 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →