Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,678 vulnerabilities with CWE-918

CVE-2026-43995 CRITICAL

Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)

CVE-2026-42860 HIGH

Open edx Enterprise Service: SSRF via SAML metadata URL in sync_provider_data endpoint

CVE-2026-42858 HIGH

Open edX Platform: Server-Side Request Forgery (SSRF) in SAML Provider Data Sync Endpoint

CVE-2026-42313 HIGH

pyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxy

CVE-2026-3048 MEDIUM

Nexus Repository 3 - Improper LDAP Referral Handling

CVE-2026-2393 HIGH

Server-Side Request Forgery (SSRF) in mlflow/mlflow

CVE-2026-8193 MEDIUM

Akaunting Invoice PDF Rendering dompdf.php server-side request forgery

CVE-2026-44313 CRITICAL

LinkWarden: Server-Side Request Forgery (SSRF) in Link Creation via fetchTitleAndHeaders Function

CVE-2026-44286 LOW

FastGPT: SSRF Vulnerability in Laf Workflow Node via Missing Internal Address Validation

CVE-2026-44284 MEDIUM

FastGPT: Stored MCP tool URL SSRF in FastGPT workflow execution

CVE-2026-42352 HIGH

pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber

CVE-2026-42346 MEDIUM

Postiz: TOCTOU DNS rebinding bypasses all SSRF URL validation paths

CVE-2026-42345 HIGH

FastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dot

CVE-2026-42339 HIGH

New API <= 0.11.9-alpha.1 - Server-Side Request Forgery Filter Bypass

CVE-2026-41682 MEDIUM

pupnp: Port truncation via atoi() cast in parse_uri() allows SSRF port confusion

CVE-2026-42213 MEDIUM

SolidCAM-GPPL-IDE: Path traversal in `inc` directive enables file probing and NTLM-hash leak

CVE-2026-44694 CRITICAL

n8n-MCP: Authenticated SSRF in n8n-mcp webhook and API client paths

CVE-2026-42181 MEDIUM

Lemmy: SSRF and internal image disclosure in post link metadata via unvalidated og:image

CVE-2026-42180 MEDIUM

Lemmy: SSRF in /api/v3/post via Webmention dispatch

CVE-2026-41887 MEDIUM

Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)

CVE-2026-42353 HIGH

Path traversal / SSRF in i18next-http-middleware via user-controlled language and namespace parameters

CVE-2026-44335 CRITICAL

SSRF bypass in PraisonAI

CVE-2026-41423 MEDIUM

Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server

CVE-2026-42261 HIGH

PromptHub: Authenticated SSRF via IPv6 filter bypass in `POST /api/skills/fetch-remote`

CVE-2026-8034 CRITICAL

Server-side request forgery vulnerability in GitHub Enterprise Server notebook viewer via URL parser confusion

Previous Page 8 of 108 Next

Details

Vulnerabilities 2,678

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy