CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,683 vulnerabilities with CWE-918
CVE ID           Severity  CVSS  Title
CVE-2026-33953   HIGH      8.5   LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce
CVE-2026-31945   HIGH      7.7   LibreChat Server-Side Request Forgery using DNS resolution
CVE-2026-31943   HIGH      8.5   LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP
CVE-2026-4964    MEDIUM    6.3   letta-ai letta File URL message_helper.py _convert_message_create_to_message server-side request forgery
CVE-2026-4953    HIGH      7.3   mingSoft MCMS Editor Endpoint BaseAction.java catchImage server-side request forgery
CVE-2026-33766   MEDIUM    6.5   AVideo has SSRF Protection Bypass via HTTP Redirect in Image Download Endpoints
CVE-2026-33205   MEDIUM    5.5   calibre has Server-Side Request Forgery in ebook viewer backend
CVE-2026-30637   HIGH      7.5   OTCMS <=7.66 AnnounContent - Unauthenticated Server-Side Request Forgery
CVE-2026-22742   HIGH      8.6   Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching
CVE-2026-4907    MEDIUM    6.3   Page-Replica Page Replica Endpoint sitemap sitemap.fetch server-side request forgery
CVE-2026-33693   MEDIUM    6.5   Lemmy's Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()
CVE-2026-33682   MEDIUM    4.7   Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)
CVE-2026-3530    MEDIUM    4.3   OpenID Connect / OAuth client - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-025
CVE-2026-33644   MEDIUM    4.3   Lychee has SSRF bypass via DNS rebinding — PhotoUrlRule only validates IP addresses, not hostnames resolving to internal IPs
CVE-2026-33619   MEDIUM    4.1   PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl
CVE-2026-33537   MEDIUM    5.0   Lychee has SSRF bypass via incomplete IP validation in Photo::fromUrl — loopback and link-local IPs not blocked
CVE-2026-33486   MEDIUM    6.8   Roadiz has Server-Side Request Forgery (SSRF) in roadiz/documents
CVE-2026-32857   HIGH      8.6   Firecrawl Playwright Service SSRF Protection Bypass via Missing Post-Redirect Validation
CVE-2026-4874    LOW       3.1   Org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side request forgery via oidc token endpoint manipulation
CVE-2026-33182   HIGH      7.5   Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL
CVE-2026-1561    MEDIUM    5.4   IBM WebSphere Application Server Liberty Server-Side Request Forgery
CVE-2026-1015    MEDIUM    5.4   IBM InfoSphere Information Server is vulnerable to server-side request forgery
CVE-2026-24964   MEDIUM    6.4   WordPress Contest Gallery plugin <= 28.1.2.1 - Server Side Request Forgery (SSRF) vulnerability
CVE-2026-3216    MEDIUM    5.0   Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017
CVE-2026-33347   MEDIUM    6.1   league/commonmark 2.3.0-2.8.1 Embed Extension - Domain Allowlist Bypass