CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
2,441 vulnerabilities with CWE-918
CVE-2026-33537
MEDIUM
Lychee has SSRF bypass via incomplete IP validation in Photo::fromUrl — loopback and link-local IPs not blocked
CVSS 5.0
CVE-2026-33486
MEDIUM
Roadiz has Server-Side Request Forgery (SSRF) in roadiz/documents
CVSS 6.8
CVE-2026-32857
HIGH
Firecrawl Playwright Service SSRF Protection Bypass via Missing Post-Redirect Validation
CVSS 8.6
CVE-2026-4874
LOW
Org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side request forgery via oidc token endpoint manipulation
CVSS 3.1
CVE-2026-33182
HIGH
Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL
CVSS 7.5
CVE-2026-1561
MEDIUM
IBM WebSphere Application Server Liberty Server-Side Request Forgery
CVSS 5.4
CVE-2026-1015
MEDIUM
IBM InfoSphere Information Server is vulnerable to server-side request forgery
CVSS 5.4
CVE-2026-24964
MEDIUM
WordPress Contest Gallery plugin <= 28.1.2.1 - Server Side Request Forgery (SSRF) vulnerability
CVSS 6.4
CVE-2026-3216
MEDIUM
Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017
CVSS 5.0
CVE-2026-33347
MEDIUM
league/commonmark has an embed extension allowed_domains bypass
CVSS 6.1
CVE-2026-33407
CRITICAL
Wallos: SSRF via HTTP Proxy Environment Variable
CVSS 9.1
CVE-2026-33401
MEDIUM
Wallos: Incomplete fix for CVE-2026-30840 - SSRF in AI and notification endpoints bypass ssrf_helper.php
CVSS 6.5
CVE-2026-33399
HIGH
Wallos: SSRF Bypass - Incomplete Fix for CVE-2026-30839/30840
CVSS 7.7
CVE-2026-33340
CRITICAL
LoLLMs WEBUI has unauthenticated Server-Side Request Forgery (SSRF) in /api/proxy endpoint
CVSS 9.1
CVE-2026-33679
MEDIUM
Vikunja has SSRF via OpenID Connect Avatar Download that Bypasses Webhook SSRF Protections
CVSS 6.4
CVE-2026-33675
MEDIUM
Vikunja has SSRF via Todoist/Trello Migration File Attachment URLs that Allows Reading Internal Network Resources
CVSS 6.4
CVE-2026-4623
HIGH
DefaultFuction Jeson-Customer-Relationship-Management-System API Module System.php server-side request forgery
CVSS 7.3
CVE-2026-32279
MEDIUM
Connect CMS has SSRF in the External Page Migration Feature of its Page Management Plugin
CVSS 6.8
CVE-2026-33502
CRITICAL
AVideo has Unauthenticated SSRF via plugin/Live/test.php
CVSS 9.3
CVE-2026-33480
HIGH
AVideo has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in Unauthenticated LiveLinks Proxy
CVSS 8.6
CVE-2026-4589
MEDIUM
kalcaddle kodbox fileGet Endpoint editor.class.php PathDriverUrl server-side request forgery
CVSS 6.3
CVE-2026-33351
CRITICAL
AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass
CVSS 9.1
CVE-2026-33294
MEDIUM
AVideo has SSRF in BulkEmbed Thumbnail Fetch that Allows Reading Internal Network Resources
CVSS 5.0
CVE-2026-4528
HIGH
trueleaf ApiFlow URL Validation http_proxy.service.ts validateUrlSecurity server-side request forgery
CVSS 7.3
CVE-2026-3478
HIGH
Content Syndication Toolkit <= 1.3 - Unauthenticated Server-Side Request Forgery via 'url' Parameter
CVSS 7.2