CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
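The definition above is the whole weakness: the server fetches a URL it was handed without making sure the request goes where it is supposed to. The entries listed on this page name the usual ways a naive hostname check is defeated: alternative IPv4 notation, a redirect to an internal address, DNS rebinding between the check and the connect, and the cloud metadata endpoint. The following is an added example (not code from the CWE entry or from any project listed here) of a destination check that handles those cases: it normalizes inet_aton-style spellings, judges the resolved addresses rather than the hostname string, fails a name if any of its records is private, and re-validates every redirect hop while connecting to the address that was just validated. The resolver and transport are injected so it runs offline; sample_resolver, sample_transport, SAMPLE_DNS, SAMPLE_HTTP, the hostnames files.example, rebind.example and hop.example, and the 93.184.216.x addresses are constructed stand-ins, and the transport(url, ip) contract is this example's own assumption.

```python
"""Destination validation for a server-side URL fetcher (CWE-918).
Added example, not code from any project on this page. DNS and HTTP are
injected callables so it runs offline; SAMPLE_DNS / SAMPLE_HTTP are
constructed data and every hostname in them is invented."""
import ipaddress
from typing import Optional
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_REDIRECTS = 5

def parse_legacy_ipv4(host: str) -> Optional[ipaddress.IPv4Address]:
    """inet_aton-style spellings (2130706433, 0x7f000001, 0177.0.0.1, 127.1) that
    ipaddress.ip_address rejects but libc and most HTTP clients accept; None otherwise."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = []
    for p in parts:
        base = 16 if p[:2].lower() == "0x" else 8 if len(p) > 1 and p[0] == "0" else 10
        try:
            values.append(int(p, base))
        except ValueError:
            return None
    *head, last = values
    if any(not 0 <= v <= 255 for v in head) or not 0 <= last < 256 ** (4 - len(head)):
        return None
    return ipaddress.IPv4Address(sum(v << 8 * (3 - i) for i, v in enumerate(head)) + last)

def resolve(host: str, resolver) -> list:
    """Every address the HTTP client could connect to for host."""
    legacy = parse_legacy_ipv4(host)
    if legacy is not None:
        return [legacy]
    try:
        return [ipaddress.ip_address(host)]  # plain IPv4/IPv6 literal
    except ValueError:
        return [ipaddress.ip_address(a) for a in resolver(host)]

def is_public(ip) -> bool:
    """Routable unicast only; IPv4-mapped and 6to4 forms are unwrapped first,
    so ::ffff:10.0.0.1 is judged as 10.0.0.1."""
    if isinstance(ip, ipaddress.IPv6Address):
        ip = ip.ipv4_mapped or ip.sixtofour or ip
    return ip.is_global and not (ip.is_loopback or ip.is_link_local or ip.is_multicast
                                 or ip.is_reserved or ip.is_unspecified)

def validate(url: str, resolver) -> list:
    """Addresses url resolves to if it may be fetched; raises ValueError otherwise."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError("scheme")
    if not parts.hostname:
        raise ValueError("no host")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in url")
    try:
        addrs = resolve(parts.hostname, resolver)
    except (ValueError, OSError):
        raise ValueError("unresolvable") from None
    if not addrs:
        raise ValueError("unresolvable")
    if not all(is_public(a) for a in addrs):
        raise ValueError("non-public address")  # one private record fails the whole name
    return addrs

def rejection_reason(url: str, resolver) -> Optional[str]:
    try:
        validate(url, resolver)
    except ValueError as exc:
        return str(exc)
    return None

def fetch(url: str, resolver, transport) -> tuple:
    """Fetch url, validating every redirect hop instead of letting the client follow
    Location itself. transport(url, ip) issues one request to the already-validated
    ip (connect to ip, send the URL's hostname as Host) so a second DNS lookup cannot
    swap in a private address between check and use; returns (status, headers, body)."""
    for _ in range(MAX_REDIRECTS + 1):
        try:
            addrs = validate(url, resolver)
        except ValueError as exc:
            raise ValueError(f"blocked {url}: {exc}") from exc
        status, headers, body = transport(url, addrs[0])
        if status in (301, 302, 303, 307, 308) and "Location" in headers:
            url = urljoin(url, headers["Location"])  # checked on the next pass
            continue
        return status, headers, body
    raise ValueError("too many redirects")

# Constructed sample data: invented hostnames, 93.184.216.x standing in for public hosts.
SAMPLE_DNS = {"files.example": ["93.184.216.34"],
              "rebind.example": ["93.184.216.35", "10.0.0.5"],  # mixed public/private records
              "hop.example": ["93.184.216.36"]}
SAMPLE_HTTP = {"http://files.example/report.pdf": (200, {}, b"%PDF-1.7 sample"),
               "http://hop.example/go": (302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b"")}

def sample_resolver(host: str) -> list:
    return SAMPLE_DNS.get(host, [])  # empty list plays the role of NXDOMAIN

def sample_transport(url: str, ip) -> tuple:
    return SAMPLE_HTTP.get(url, (404, {}, b""))
```

To use it against real targets, replace sample_resolver with a wrapper around socket.getaddrinfo and sample_transport with a client that opens the TCP connection to the given ip and sets the Host header from the URL. Checking only the hostname string, or letting the HTTP library follow redirects and resolve the name a second time, is exactly what the redirect-bypass, DNS-rebinding and alternative-IPv4-notation entries on this page exploit.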

2,437 vulnerabilities with CWE-918
CVE-2026-5131  MEDIUM  CVSS not listed  Server-Side Request Forgery in GREENmod
CVE-2026-5052  MEDIUM  CVSS 5.3  Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS
CVE-2026-40500  MEDIUM  CVSS 6.8  ProcessWire CMS SSRF via Add Module From URL
CVE-2026-39845  MEDIUM  CVSS 4.1  Weblate: SSRF via the webhook add-on using unprotected fetch_url()
CVE-2026-34244  MEDIUM  CVSS 5.0  Weblate: SSRF via Project-Level Machinery Configuration
CVE-2026-33440  MEDIUM  CVSS 5.0  Weblate: Authenticated SSRF via redirect bypass of ALLOWED_ASSET_DOMAINS in screenshot URL uploads
CVE-2026-35032  HIGH  CVSS 8.1  Jellyfin: Potential SSRF + Arbitrary file read via LiveTV M3U tuner
CVE-2026-34160  HIGH  CVSS 8.6  Chamilo LMS: Unauthenticated SSRF via PENS Plugin allows attacker to probe internal network and reach cloud metadata services
CVE-2026-33715  HIGH  CVSS 7.2  Chamilo LMS has Unauthenticated SSRF and Open Email Relay via install.ajax.php test_mailer action
CVE-2026-38527  HIGH  CVSS 8.5  Webkul Krayin CRM 2.2.x - SSRF
CVE-2026-34225  MEDIUM  CVSS 4.3  Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality
CVE-2026-39418  MEDIUM  CVSS 5.0  MaxKB: SSRF via sandbox network hook bypass
CVE-2026-6220  MEDIUM  CVSS 4.7  HummerRisk Video File Download URL ServerService.java ServerService.addServer server-side request forgery
CVE-2026-33659  LOW  CVSS 3.5  EspoCRM: SSRF via DNS Rebinding in Attachment fromImageUrl Endpoint Allows Internal Network Access
CVE-2026-6215  MEDIUM  CVSS 6.3  DbGate REST/GraphQL openApiDriver.ts apiServerUrl1 server-side request forgery
CVE-2026-33534  MEDIUM  CVSS 4.3  EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation
CVE-2026-34476  HIGH  CVSS 7.1  Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server
CVE-2026-5936  HIGH  CVSS 8.5  Server-Side Request Forgery (SSRF) via URL Parameter in Foxit PDF Services API
CVE-2026-6119  MEDIUM  CVSS 6.3  AstrBotDevs AstrBot API Endpoint post_data.get server-side request forgery
CVE-2026-6111  MEDIUM  CVSS 6.3  FoundationAgents MetaGPT common.py decode_image server-side request forgery
CVE-2026-4979  MEDIUM  CVSS 5.0  UsersWP <= 1.2.58 - Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter
CVE-2026-40242  HIGH  CVSS 7.2  Arcane Unauthenticated SSRF with Conditional Response Reflection in Template Fetch Endpoint
CVE-2026-40175  MEDIUM  CVSS 4.8  Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
CVE-2026-40168  HIGH  CVSS 8.2  Postiz has Server-Side Request Forgery via Redirect Bypass in /api/public/stream
CVE-2026-39922  MEDIUM  CVSS 6.3  GeoNode < 4.4.5, 5.0.2 SSRF via Service Registration