CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,437 vulnerabilities with CWE-918
CVE-2026-39647 MEDIUM
WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.11 - Server Side Request Forgery (SSRF) vulnerability
CVSS 5.4
CVE-2026-39645 MEDIUM
WordPress GlobalPayments WooCommerce plugin <= 1.18.0 - Server Side Request Forgery (SSRF) vulnerability
CVSS 5.4
CVE-2026-39630 MEDIUM
WordPress Getty Images plugin <= 4.1.0 - Server Side Request Forgery (SSRF) vulnerability
CVSS 6.4
CVE-2026-39521 MEDIUM
WordPress Nelio Content plugin <= 4.3.1 - Server Side Request Forgery (SSRF) vulnerability
CVSS 4.9
CVE-2026-39464 MEDIUM
WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin <= 6.19.8 - Server Side Request Forgery (SSRF) vulnerability
CVSS 5.5
CVE-2026-1343 HIGH
Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
CVSS 7.2
CVE-2026-39370 HIGH
WWBN AVideo has an Allowlisted downloadURL media extensions bypass SSRF protection and enable internal response exfiltration (Incomplete fix for CVE-2026-27732)
CVSS 7.1
CVE-2026-39368 MEDIUM
WWBN AVideo has a Live restream log callback flow enabling stored SSRF to internal services
CVSS 6.5
CVE-2026-39361 HIGH
OpenObserve has a SSRF Protection Bypass via IPv6 Bracket Notation in validate_enrichment_url
CVSS 7.7
CVE-2026-35572 MEDIUM
SSRF via Referer header in ChurchCRM allows server-side HTTP/HTTPS requests to arbitrary hosts
CVSS 6.0
CVE-2026-35516 MEDIUM
LinkAce has SSRF via CheckLinksCommand - Link URL Update Bypasses laravel-html-meta Protection
CVSS 5.0
CVE-2026-35486 HIGH
text-generation-webui has a SSRF in superbooga/superboogav2 extensions — no URL validation
CVSS 7.5
CVE-2026-35461 MEDIUM
Papra has a Blind Server-Side Request Forgery (SSRF) via Webhook URL
CVSS 5.0
CVE-2026-35409 HIGH
Directus has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in File Import
CVSS 7.7
CVE-2026-35459 CRITICAL
pyLoad has SSRF fix bypass via HTTP redirect
CVSS 9.1
CVE-2026-35187 HIGH
pyLoad has SSRF in parse_urls API endpoint via unvalidated URL parameter
CVSS 7.7
CVE-2026-35037 HIGH
Ech0 affected by unauthenticated SSRF in GetWebsiteTitle allows access to internal services and cloud metadata
CVSS 7.2
CVE-2026-35036 HIGH
Ech0 Affected by Unauthenticated Server-Side Request Forgery in Website Preview Feature
CVSS 7.5
CVE-2026-34981 MEDIUM
whisperX REST API: SSRF in download_from_url() — URL validation happens after HTTP request, extension bypass via .mp3
CVSS 5.8
CVE-2026-34753 MEDIUM
vLLM affected by Server-Side Request Forgery (SSRF) in `download_bytes_from_url`
CVSS 5.4
CVE-2026-33752 HIGH
Redirect-based SSRF leading to internal network access in curl_cffi (with TLS impersonation bypass)
CVSS 8.6
CVE-2026-33540 HIGH
Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm
CVSS 7.5
CVE-2026-5633 HIGH
assafelovic gpt-researcher ws Endpoint server-side request forgery
CVSS 7.3
CVE-2026-5623 MEDIUM
hcengineering Huly Platform Import Endpoint index.ts server-side request forgery
CVSS 6.3
CVE-2026-5618 MEDIUM
kalcaddle kodbox shareMake/shareCheck server-side request forgery
CVSS 5.6