CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
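As an added worked example, not code from this page or from any of the projects listed below, here is a Python guard for what the description above asks for: that the request actually goes to the expected destination. Beyond a plain blocklist, it covers the bypasses several of the listed titles name: an allowed hostname on an alternate port, a redirect to an internal host, the cloud metadata endpoint, and loopback or private addresses reached through DNS, IPv4-mapped IPv6 literals or hex literal forms. Every name (api.example.com, evil.example.net, ...), every address, the FAKE_DNS and FAKE_HTTP tables, fake_resolver, fake_transport, validate_url, fetch and try_fetch are assumptions made for this example.

```python
"""Added example (not from any project on this page): a DNS-resolving SSRF
guard and a redirect-following fetch that re-validates every hop. The
resolver and transport are constructed stubs so this runs offline."""
import ipaddress
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}   # a host allowlist alone still lets host:8080 through
MAX_REDIRECTS = 5

# Constructed DNS table; every name and address here is an assumption.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "cdn.example.com": ["93.184.216.35", "2606:2800:220:1:248:1893:25c8:1946"],
    "evil.example.net": ["93.184.216.36"],
    "rebind.example.net": ["93.184.216.37", "127.0.0.1"],  # one record is loopback
    "metadata.example.net": ["169.254.169.254"],           # cloud metadata service
    "mapped.example.net": ["::ffff:10.0.0.5"],             # IPv4-mapped private
    "0x7f000001": ["127.0.0.1"],   # hex form that inet_aton-style parsers accept
}

def fake_resolver(host):
    """Stand-in for socket.getaddrinfo: every address the name resolves to."""
    return list(FAKE_DNS.get(host, []))

def is_public_address(text):
    """True only for a globally routable unicast address."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False
    mapped = getattr(addr, "ipv4_mapped", None)   # ::ffff:a.b.c.d -> a.b.c.d
    if mapped is not None:
        addr = mapped
    return addr.is_global and not addr.is_multicast

def validate_url(url, resolver=fake_resolver):
    """Return (host, port, ips) for an acceptable URL; raise ValueError otherwise."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("userinfo not allowed")
    host = (parts.hostname or "").rstrip(".")
    if not host:
        raise ValueError("empty host")
    port = parts.port or (443 if scheme == "https" else 80)  # .port raises on junk
    if port not in ALLOWED_PORTS:
        raise ValueError(f"port not allowed: {port}")
    # Judge the addresses the resolver returns, never the hostname string: a
    # literal IP, an odd numeric form, or a name pointing inward all end up
    # here. Reject if ANY record is non-public; the client may pick any of them.
    try:
        ipaddress.ip_address(host)
        ips = [host]
    except ValueError:
        ips = resolver(host)
    if not ips:
        raise ValueError(f"host does not resolve: {host}")
    for ip in ips:
        if not is_public_address(ip):
            raise ValueError(f"{host} resolves to non-public address {ip}")
    return host, port, ips

# Constructed transport: url -> (status, Location header or None, body). It
# stands in for an HTTP client configured NOT to follow redirects itself.
FAKE_HTTP = {
    "http://api.example.com/data": (200, None, b"ok"),
    "http://evil.example.net/hop": (302, "http://rebind.example.net/admin", b""),
    "http://cdn.example.com/loop": (302, "/loop", b""),
}

def fake_transport(url):
    return FAKE_HTTP.get(url, (404, None, b"not found"))

def fetch(url, resolver=fake_resolver, transport=fake_transport):
    """Follow redirects by hand so every hop's destination is validated first."""
    for _ in range(MAX_REDIRECTS + 1):
        validate_url(url, resolver)
        status, location, body = transport(url)
        if status in (301, 302, 303, 307, 308) and location:
            url = urljoin(url, location)   # Location may be relative
            continue
        return status, body
    raise ValueError("too many redirects")

def try_fetch(url, **kwargs):
    """(status, body) on success, (None, reason) when the guard blocked it."""
    try:
        return fetch(url, **kwargs)
    except ValueError as err:
        return None, str(err)
```

try_fetch returns (None, reason) for every blocked case, including the redirect from evil.example.net to a name with a loopback record, and (status, body) otherwise. Two caveats the stubs gloss over: a real HTTP client resolves the name again after validate_url has checked it, so an attacker-controlled nameserver can rebind between the two lookups; connect to the already-validated IP and set Host/SNI yourself, or hook the check into the client's own resolver. And the is_global classification comes from Python's ipaddress registry, which is only as current as the interpreter running it.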

2,437 vulnerabilities with CWE-918
CVE             Severity  CVSS  Title
CVE-2026-41060  HIGH      7.7   AVideo's SSRF via same-domain hostname with alternate port bypasses isSSRFSafeURL
CVE-2026-41055  HIGH      8.6   AVideo has an incomplete fix for CVE-2026-33039 (SSRF)
CVE-2026-6744   MEDIUM    6.3   Bagisto Downloadable Link copy server-side request forgery
CVE-2026-40566  MEDIUM    4.1   FreeScout vulnerable to SSRF via IMAP/SMTP Connection Test Endpoints
CVE-2026-41302  HIGH      7.6   OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download
CVE-2026-41297  HIGH      7.6   OpenClaw < 2026.3.31 - Server-Side Request Forgery via Marketplace Plugin Download Redirect
CVE-2026-35587  HIGH      8.8   Glances IP Plugin has SSRF via public_api that leads to credential leakage
CVE-2026-33626  HIGH      7.5   LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading
CVE-2026-34428  HIGH      7.7   Vvveb < 1.0.8.1 SSRF via oEmbedProxy
CVE-2026-25883  MEDIUM    5.8   Vexa Webhook Feature has a SSRF Vulnerability
CVE-2026-6649   MEDIUM    6.3   Qibo CMS headers server-side request forgery
CVE-2026-6625   HIGH      7.3   moxi624 Mogu Blog v2 Picture Storage Service LocalFileServiceImpl.java LocalFileServiceImpl.uploadPictureByUrl server-side request forgery
CVE-2026-6618   MEDIUM    6.3   langgenius dify ApiBasedToolSchemaParser parser.py parse_openai_plugin_json_to_tool_bundle server-side request forgery
CVE-2026-6617   MEDIUM    6.3   langgenius dify ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema server-side request forgery
CVE-2026-6616   MEDIUM    6.3   TransformerOptimus SuperAGI WebScraperTool webpage_extractor.py extract_with_lxml server-side request forgery
CVE-2026-6606   HIGH      7.3   modelscope agentscope _agent_base.py _process_audio_block server-side request forgery
CVE-2026-6605   HIGH      7.3   modelscope agentscope Internal Service _common.py _get_bytes_from_web_url server-side request forgery
CVE-2026-6604   HIGH      7.3   modelscope agentscope Cloud Metadata Endpoint _openai_tools.py openai_audio_to_text server-side request forgery
CVE-2026-6587   MEDIUM    6.3   vibrantlabsai RAGAS Collections util.py _try_process_url server-side request forgery
CVE-2026-6573   MEDIUM    6.3   PHPEMS Instant Exam Creation exams.master.php temppage server-side request forgery
CVE-2026-40348  HIGH      7.7   Movary has Authenticated SSRF via Jellyfin Server URL Verification that Allows Internal Network Probing
CVE-2026-40346  MEDIUM    -     NocoBase has SSRF in Workflow HTTP Request and Custom Request Plugins
CVE-2026-40516  HIGH      8.3   OpenHarness SSRF via web_fetch and web_search
CVE-2026-6497   MEDIUM    6.3   prasathmani TinyFileManager File Upload filemanager.php server-side request forgery
CVE-2026-31317  HIGH      7.5   Craftql <=1.3.7 - SSRF