CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
2,437 vulnerabilities with CWE-918
CVE-2026-39921
MEDIUM
GeoNode < 4.4.5, 5.0.2 SSRF via Document Upload
CVSS 6.3
CVE-2026-30232
CRITICAL
Chartbrew has SSRF in API Data Connection - No IP Validation on User-Provided URLs
CVSS 9.6
CVE-2026-31941
HIGH
Server-Side Request Forgery (SSRF) in Chamilo LMS
CVSS 7.7
CVE-2026-40160
MEDIUM
PraisonAIAgents has SSRF via unvalidated URL in `web_crawl` httpx fallback
CVSS 6.5
CVE-2026-40100
MEDIUM
FastGPT has Unauthenticated SSRF in /api/core/app/mcpTools/runTool via missing CHECK_INTERNAL_IP default
CVSS 5.3
CVE-2026-6011
MEDIUM
OpenClaw assertPublicHostname web-fetch.ts server-side request forgery
CVSS 5.6
CVE-2026-40150
HIGH
PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool
CVSS 7.7
CVE-2026-40114
HIGH
PraisonAI has Server-Side Request Forgery via Unvalidated webhook_url in Jobs API
CVSS 7.2
CVE-2026-35629
HIGH
OpenClaw < 2026.3.25 - Server-Side Request Forgery via Unguarded Configured Base URLs in Channel Extensions
CVSS 7.4
CVE-2026-40107
MEDIUM
SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering
CVSS 6.5
CVE-2026-40089
CRITICAL
Sonicverse has Server-Side Request Forgery via user-controlled URLs in dashboard API client
CVSS 9.9
CVE-2026-40072
LOW
web3.py affected by SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling
CVE-2026-39974
HIGH
n8n-MCP has an Authenticated SSRF via instance-URL header in multi-tenant HTTP mode
CVSS 8.5
CVE-2026-39843
HIGH
Plane has a Server-Side Request Forgery (SSRF) in Favicon Fetching
CVSS 7.7
CVE-2026-5832
HIGH
atototo api-lab-mcp HTTP http-server.ts test_http_endpoint server-side request forgery
CVSS 7.3
CVE-2026-5803
MEDIUM
bigsk1 openai-realtime-ui API Proxy Endpoint server.js server-side request forgery
CVSS 6.3
CVE-2026-39885
HIGH
FrontMCP Affected by SSRF via $ref Dereferencing in Untrusted OpenAPI Specifications
CVSS 7.5
CVE-2026-39362
HIGH
InvenTree has SSRF via Remote Image Download — No IP/Hostname Validation on remote_image URLs
CVSS 7.1
CVE-2026-34719
MEDIUM
Zammad has a Server-side request forgery (SSRF) via webhooks
CVSS 4.3
CVE-2026-33458
MEDIUM
Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure
CVSS 6.3
CVE-2026-32591
MEDIUM
Mirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration
CVSS 5.2
CVE-2026-31017
CRITICAL
ERPNext 16.0.1 & Frappe Framework 16.1.1 - SSRF
CVSS 9.1
CVE-2026-2377
MEDIUM
Mirror-registry: quay: quay: server-side request forgery via log export functionality
CVSS 6.5
CVE-2026-39695
MEDIUM
WordPress Podigee plugin <= 1.4.0 - Server Side Request Forgery (SSRF) vulnerability
CVSS 5.4
CVE-2026-39670
MEDIUM
WordPress Visual Link Preview plugin <= 2.3.0 - Server Side Request Forgery (SSRF) vulnerability
CVSS 6.0