CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,697 vulnerabilities with CWE-918
CVE-2026-3026 HIGH
JEEWMS < 3.7 - Server-Side Request Forgery via UEditor getRemoteImage.jsp
CVSS 7.3
CVE-2026-2985 MEDIUM
Tiandy Video Surveillance System 7.17.0 - SSRF
CVSS 6.3
CVE-2026-2945 MEDIUM
JeecgBoot 3.9.0 uploadImgByHttp - fileUrl Server-Side Request Forgery
CVSS 6.3
CVE-2026-27488 HIGH
OpenClaw < 2026.2.19 - Server-Side Request Forgery via Cron Webhook Delivery
CVSS 7.3
CVE-2026-27479 HIGH
wallos < 4.6.1 - Server-Side Request Forgery via Logo Upload Redirect Bypass
CVSS 7.7
CVE-2026-27170 HIGH
OpenSift < 1.1.3 - Server-Side Request Forgery via URL Ingest
CVSS 7.1
CVE-2026-26324 HIGH
OpenClaw < 2026.2.14 - Server-Side Request Forgery via IPv6 Literal Bypass
CVSS 7.5
CVE-2026-26322 HIGH
OpenClaw < 2026.2.14 - Server-Side Request Forgery via Gateway Tool URL Override
CVSS 7.6
CVE-2026-26286 HIGH
SillyTavern < 1.16.0 - Authenticated Server-Side Request Forgery via Asset Download Endpoint
CVSS 8.5
CVE-2026-27472 MEDIUM
SPIP 4.4.0-4.4.8 - Authenticated Blind Server-Side Request Forgery via Syndicated Sites
CVSS 4.3
CVE-2026-26339 CRITICAL
Hyland Alfresco Transformation Service - RCE
CVSS 9.8
CVE-2026-26338 CRITICAL
Hyland Alfresco Transformation Service - SSRF
CVSS 9.8
CVE-2026-2274 HIGH
AppSheet Web (Main Server) < 2025-11-23 - Authenticated Server-Side Request Forgery and Arbitrary File Read
CVE-2026-25738 MEDIUM
Indico < 3.3.10 - Server-Side Request Forgery via User-Provided URL
CVSS 4.3
CVE-2026-25428 MEDIUM
TS Poll <= 2.5.5 - Server-Side Request Forgery
CVSS 4.4
CVE-2026-25385 MEDIUM
KaizenCoders URL Shortify <= 1.12.3 - Server-Side Request Forgery
CVSS 5.5
CVE-2026-25310 MEDIUM
Alobaidi Extend Link <=2.0.0 - SSRF
CVSS 4.9
CVE-2026-23803 MEDIUM
Smart Auto Upload Images <=1.2.2 - SSRF
CVSS 6.4
CVE-2026-2711 MEDIUM
zhutoutoutousan worldquant-miner <=1.0.9 - SSRF
CVSS 5.6
CVE-2026-2654 MEDIUM
huggingface smolagents 1.24.0 - SSRF
CVSS 6.3
CVE-2026-1857 MEDIUM
Gutenberg Blocks with AI by Kadence WP - SSRF
CVSS 4.3
CVE-2026-22048 HIGH
NetApp StorageGRID < 11.9.0.12 and 12.0.0.4 - Entra ID SSO Server-Side Request Forgery
CVSS 7.1
CVE-2026-2558 MEDIUM
GeekAI < 4.2.4 - Server-Side Request Forgery via Download Function
CVSS 6.3
CVE-2026-2556 MEDIUM
cskefu < 8.0.1 - Server-Side Request Forgery via MediaController URL Parameter
CVSS 6.3
CVE-2026-2532 MEDIUM
lintsinghua DeepAudit <= 3.0.3 - Server-Side Request Forgery in IP Address Handler
CVSS 6.3