CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,683 vulnerabilities with CWE-918
CVE ID          Severity  CVSS  Title
CVE-2026-33407  CRITICAL  9.1   Wallos: SSRF via HTTP Proxy Environment Variable
CVE-2026-33401  MEDIUM    6.5   Wallos: Incomplete fix for CVE-2026-30840 - SSRF in AI and notification endpoints bypass ssrf_helper.php
CVE-2026-33399  HIGH      7.7   Wallos: SSRF Bypass - Incomplete Fix for CVE-2026-30839/30840
CVE-2026-33340  CRITICAL  9.1   LoLLMs WEBUI has unauthenticated Server-Side Request Forgery (SSRF) in /api/proxy endpoint
CVE-2026-33679  MEDIUM    6.4   Vikunja has SSRF via OpenID Connect Avatar Download that Bypasses Webhook SSRF Protections
CVE-2026-33675  MEDIUM    6.4   Vikunja has SSRF via Todoist/Trello Migration File Attachment URLs that Allows Reading Internal Network Resources
CVE-2026-4623   HIGH      7.3   DefaultFuction Jeson-Customer-Relationship-Management-System API Module System.php server-side request forgery
CVE-2026-32279  MEDIUM    6.8   Connect CMS has SSRF in the External Page Migration Feature of its Page Management Plugin
CVE-2026-33502  CRITICAL  9.3   AVideo has Unauthenticated SSRF via plugin/Live/test.php
CVE-2026-33480  HIGH      8.6   AVideo <=26.0 LiveLinks Proxy - Server-Side Request Forgery Bypass
CVE-2026-4589   MEDIUM    6.3   kalcaddle kodbox fileGet Endpoint editor.class.php PathDriverUrl server-side request forgery
CVE-2026-33351  CRITICAL  9.1   AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass
CVE-2026-33294  MEDIUM    5.0   AVideo has SSRF in BulkEmbed Thumbnail Fetch that Allows Reading Internal Network Resources
CVE-2026-4528   HIGH      7.3   trueleaf ApiFlow URL Validation http_proxy.service.ts validateUrlSecurity server-side request forgery
CVE-2026-3478   HIGH      7.2   Content Syndication Toolkit <= 1.3 - Unauthenticated Server-Side Request Forgery via 'url' Parameter
CVE-2026-2290   LOW       3.8   Post Affiliate Pro <= 1.28.0 - Authenticated (Administrator+) Server-Side Request Forgery via 'Post Affiliate Pro URL' Field
CVE-2026-1648   HIGH      7.2   Performance Monitor <= 1.0.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter
CVE-2026-1313   HIGH      8.3   MimeTypes Link Icons <= 3.2.20 - Authenticated (Contributor+) Server-Side Request Forgery via Crafted Links in Post Content
CVE-2026-4302   HIGH      7.2   WowOptin: Next-Gen Popup Maker <= 1.4.29 - Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST API
CVE-2026-33237  MEDIUM    5.5   AVideo has SSRF in Scheduler Plugin via callbackURL Missing `isSSRFSafeURL()` Validation
CVE-2026-33226  HIGH      8.7   Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview
CVE-2026-33126  MEDIUM    5.0   Frigate has SSRF vulnerability in /ffprobe endpoint
CVE-2026-33081  MEDIUM    5.8   PinchTab has Blind SSRF via browser-side redirect bypass in /download URL validation
CVE-2026-33060  MEDIUM    5.3   CKAN MCP Server: SSRF via base_url allows access to internal networks
CVE-2026-33039  HIGH      8.6   AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy