CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,681 vulnerabilities with CWE-918
CVE-2026-33715 | HIGH | CVSS 7.2 | Chamilo LMS has Unauthenticated SSRF and Open Email Relay via install.ajax.php test_mailer action
CVE-2026-38527 | HIGH | CVSS 8.5 | Krayin Laravel CRM - Server-Side Request Forgery via Webhooks Create Endpoint
CVE-2026-34225 | MEDIUM | CVSS 4.3 | Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality
CVE-2026-39418 | MEDIUM | CVSS 5.0 | MaxKB: SSRF via sandbox network hook bypass
CVE-2026-6220 | MEDIUM | CVSS 4.7 | HummerRisk Video File Download URL ServerService.java ServerService.addServer server-side request forgery
CVE-2026-33659 | LOW | CVSS 3.5 | EspoCRM: SSRF via DNS Rebinding in Attachment fromImageUrl Endpoint Allows Internal Network Access
CVE-2026-6215 | MEDIUM | CVSS 6.3 | DbGate REST/GraphQL openApiDriver.ts apiServerUrl1 server-side request forgery
CVE-2026-33534 | MEDIUM | CVSS 4.3 | EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation
CVE-2026-34476 | HIGH | CVSS 7.1 | Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server
CVE-2026-5936 | HIGH | CVSS 8.5 | Server-Side Request Forgery (SSRF) via URL Parameter in Foxit PDF Services API
CVE-2026-6119 | MEDIUM | CVSS 6.3 | AstrBotDevs AstrBot API Endpoint post_data.get server-side request forgery
CVE-2026-6111 | MEDIUM | CVSS 6.3 | FoundationAgents MetaGPT common.py decode_image server-side request forgery
CVE-2026-4979 | MEDIUM | CVSS 5.0 | UsersWP <= 1.2.58 - Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter
CVE-2026-40242 | HIGH | CVSS 7.2 | Arcane Unauthenticated SSRF with Conditional Response Reflection in Template Fetch Endpoint
CVE-2026-40175 | MEDIUM | CVSS 4.8 | Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
CVE-2026-40168 | HIGH | CVSS 8.2 | Postiz has Server-Side Request Forgery via Redirect Bypass in /api/public/stream
CVE-2026-39922 | MEDIUM | CVSS 6.3 | GeoNode < 4.4.5, 5.0.2 SSRF via Service Registration
CVE-2026-39921 | MEDIUM | CVSS 6.3 | GeoNode < 4.4.5, 5.0.2 SSRF via Document Upload
CVE-2026-30232 | CRITICAL | CVSS 9.6 | Chartbrew has SSRF in API Data Connection - No IP Validation on User-Provided URLs
CVE-2026-31941 | HIGH | CVSS 7.7 | Server-Side Request Forgery (SSRF) in Chamilo LMS
CVE-2026-40160 | MEDIUM | CVSS 6.5 | PraisonAIAgents has SSRF via unvalidated URL in `web_crawl` httpx fallback
CVE-2026-40100 | MEDIUM | CVSS 5.3 | FastGPT has Unauthenticated SSRF in /api/core/app/mcpTools/runTool via missing CHECK_INTERNAL_IP default
CVE-2026-6011 | MEDIUM | CVSS 5.6 | OpenClaw assertPublicHostname web-fetch.ts server-side request forgery
CVE-2026-40150 | HIGH | CVSS 7.7 | PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool
CVE-2026-40114 | HIGH | CVSS 7.2 | PraisonAI has Server-Side Request Forgery via Unvalidated webhook_url in Jobs API