Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,678 vulnerabilities with CWE-918

CVE-2026-12210 MEDIUM

universal-tool-calling-protocol python-utcp utcp-gql/utcp-websocket server-side request forgery

CVE-2026-53827 MEDIUM

OpenClaw < 2026.5.2 - Credential Exposure via Model-Supplied Loopback URLs in message.action Forwarding

CVE-2026-47268 MEDIUM

Nezha Monitoring: Authenticated DDNS webhook configuration allows blind SSRF from the dashboard host

CVE-2026-46717 HIGH

Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification

CVE-2026-53607 LOW

@apostrophecms/file pretty-URL Vulnerable to Unauthenticated SSRF via Host header

CVE-2026-45012 HIGH

Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget

CVE-2026-50552 MEDIUM

Koel: Server-Side Request Forgery (SSRF) in radio station creation due to missing validation bail

CVE-2026-47260 HIGH

Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs

CVE-2026-53812 HIGH

OpenClaw < 2026.5.18 - Private-Network Navigation Bypass via Browser Act Interactions

CVE-2026-53782 HIGH

Summarize < 0.17.0 SSRF via podcast:transcript URL fetch

CVE-2026-47170 HIGH

Garlic-Hub < 1.1 - Authenticated Server-Side Request Forgery via uploadFromUrl

CVE-2026-47157 MEDIUM

aiograpi: Unsafe signup challenge path handling

CVE-2026-46698 MEDIUM

Fediverse Embeds: Public-nonce SSRF via ftf_get_site_info AJAX action

CVE-2026-46697 HIGH

Fediverse Embeds: Unauthenticated SSRF / open proxy via REST media-proxy endpoint

CVE-2026-44492 HIGH

Axios < 0.32.0 and 1.0.0-1.15.x - NO_PROXY Bypass via IPv4-Mapped IPv6

CVE-2026-3341 MEDIUM

IBM Langflow Desktop 1.0.0 - 1.9.2 DNS Rebinding Bypasses SSRF Protection Allowing Access to Internal Services

CVE-2026-48998 MEDIUM

guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation

CVE-2026-9204 MEDIUM

Server-Side Request Forgery (SSRF) in GitLab

CVE-2026-40999 HIGH

Spring WS SSRF via unvalidated WS-Addressing reply destinations

CVE-2026-50131 HIGH

Fedify validatePublicUrl - Special-Use IPv4 Server-Side Request Forgery Bypass

CVE-2026-50127 MEDIUM

Weblate SSRF: outbound URL guard misses the NAT64 well-known prefix (64:ff9b::/96)

CVE-2026-46683 MEDIUM

Snappy: SSRF and local file read via the xsl-style-sheet option

CVE-2026-20252 HIGH

Server-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterprise

CVE-2026-48858 MEDIUM

ftp client PASV response IP not validated against control peer, enabling SSRF and FTP bounce attacks

CVE-2026-46497 LOW

SSRF via sitemap-derived URLs in Crawlee for Python

Page 1 of 108 Next

Details

Vulnerabilities 2,678

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy