CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,105 vulnerabilities with CWE-918
CVE-2026-3588 HIGH
IKEA Dirigera v2.866.4 - SSRF
CVSS 7.5
CVE-2026-3789 MEDIUM
Bytedesk <=1.3.9 - SSRF
CVSS 6.3
CVE-2026-3788 MEDIUM
Bytedesk <=1.3.9 - SSRF
CVSS 6.3
CVE-2026-3750 MEDIUM
ContiNew Admin <4.2.0 - SSRF
CVSS 4.7
CVE-2026-3733 MEDIUM
xxl-job <=3.3.2 - SSRF
CVSS 6.3
CVE-2026-3683 MEDIUM
bufanyun HotGo <2.0 - SSRF
CVSS 6.3
CVE-2026-3681 MEDIUM
welovemedia FFmate <2.0.15 - SSRF
CVSS 6.3
CVE-2026-30858 MEDIUM
WeKnora <0.3.0 - SSRF
CVSS 6.5
CVE-2026-30834 HIGH
PinchTab <0.7.7 - SSRF
CVSS 7.5
CVE-2026-30832 CRITICAL
Soft Serve 0.6.0-0.11.3 - SSRF
CVSS 9.1
CVE-2026-30840 HIGH
Wallos <4.6.2 - SSRF
CVSS 8.8
CVE-2026-30839
Wallos <4.6.2 - SSRF
CVE-2026-30828
Wallos <4.6.2 - Path Traversal
CVE-2026-27797 MEDIUM
Homarr <1.54.0 - SSRF
CVSS 5.3
CVE-2026-30247 MEDIUM
WeKnora <0.2.12 - SSRF
CVSS 5.9
CVE-2026-30242 HIGH
Plane <1.2.3 - SSRF
CVSS 8.5
CVE-2026-30844
Wekan 8.32-8.33 - SSRF
CVE-2026-29178
Lemmy <0.19.16 - SSRF
CVE-2026-29049 MEDIUM
melange <=0.40.5 - DoS
CVSS 4.3
CVE-2026-28680 CRITICAL
Ghostfolio <2.245.0 - SSRF
CVSS 9.3
CVE-2026-28677 HIGH
OpenSift <1.6.3-alpha - SSRF
CVSS 8.2
CVE-2026-28508
Idno <1.6.4 - SSRF
CVE-2026-28476 HIGH
OpenClaw <2026.2.14 - SSRF
CVSS 8.3
CVE-2026-28467 MEDIUM
OpenClaw <2026.2.2 - SSRF
CVSS 6.5
CVE-2026-28451 HIGH
OpenClaw <2026.2.14 - SSRF
CVSS 8.3