CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,678 vulnerabilities with CWE-918
CVE-2026-42398 HIGH
Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access
CVSS 7.7
CVE-2026-49129 MEDIUM
Music Player Daemon < 0.24.11 SSRF via CurlInputPlugin
CVSS 5.8
CVE-2026-46526 MEDIUM
Local Deep Research: SSRF bypass in `safe_get`
CVSS 5.0
CVE-2026-43979 MEDIUM
Local Deep Research: HTML Injection via Unescaped User Input in PDF Export (`pdf_service.py:_markdown_to_html`)
CVSS 5.0
CVE-2026-46561 MEDIUM
pyLoad: SSRF via HTTP Redirect Bypass in parse_urls API
CVSS 5.0
CVE-2026-45373 HIGH
CodeWhale: SSRF IPV6 bypass
CVSS 7.4
CVE-2026-45310 HIGH
CodeWhale: SSRF via HTTP Redirect Bypass in fetch_url Tool
CVSS 7.4
CVE-2026-44797 HIGH
Nautobot: Webhook definitions could be used for server-side request forgery (SSRF)
CVSS 8.5
CVE-2026-48522 MEDIUM
PyJWKClient: missing scheme allowlist enables SSRF + token forgery via file://, ftp://, data: schemes
CVSS 4.2
CVE-2026-9813 CRITICAL
FlowIntel external reference URL probe allows server-side request forgery
CVSS 9.9
CVE-2026-5737 MEDIUM
Independent Analytics <= 2.14.9 - Unauthenticated Server-Side Request Forgery via Tracking Route
CVSS 6.5
CVE-2026-48153 HIGH
Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata
CVSS 8.5
CVE-2026-48148 MEDIUM
Budibase: Unvalidated VectorDB Host Parameter Enables SSRF
CVE-2026-48146 HIGH
Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection
CVSS 7.7
CVE-2026-48128 MEDIUM
Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step
CVE-2026-45715 HIGH
Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration
CVSS 7.7
CVE-2026-45548 HIGH
Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation
CVSS 7.7
CVE-2026-45061 HIGH
Budibase: SSRF via trivial `.tar.gz` substring bypass in Plugin URL upload (`/api/plugin`)
CVSS 7.7
CVE-2026-48918 MEDIUM
Jenkins Active Directory Plugin < 2.41 - Server-Side Request Forgery (SSRF)
CVSS 6.6
CVE-2026-48916 MEDIUM
Jenkins Ldap Plugin < 807.v7d7de30930cf - Server-Side Request Forgery (SSRF)
CVSS 6.6
CVE-2026-44971 HIGH
GuardDog: Blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltration
CVSS 8.2
CVE-2026-42184 HIGH
Tauri: Origin Confusion Allows Remote Pages to Invoke Local-Only IPC Commands
CVSS 8.8
CVE-2026-9312 HIGH
Server-Side Request Forgery vulnerability in GitHub Enterprise Server allowed access to internal services via path traversal in upload endpoint
CVSS 8.2
CVE-2026-8606 MEDIUM
Server-Side Request Forgery in GitHub Enterprise Server via Advisory Package URL Endpoint
CVSS 5.9
CVE-2026-45298 HIGH
Dozzle: Pre-auth SSRF with response-body reflection via POST /api/notifications/test-webhook (default no-auth deploy)
CVSS 8.6