Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,678 vulnerabilities with CWE-918

CVE-2026-41105 HIGH

Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability

CVE-2026-42449 HIGH

n8n-MCP: IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embedders

CVE-2026-41905 HIGH

FreeScout vulnerable to SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, allowing internal HTTP / cloud-metadata access

CVE-2026-8081 MEDIUM

router-for-me CLIProxyAPI api_tools.go server-side request forgery

CVE-2026-41689 MEDIUM

Wallos: Shared local webhook allowlist lets low-privilege users send arbitrary requests to allowlisted internal services

CVE-2026-41688 HIGH

Incomplete fix for CVE-2026-33399: SSRF in Wallos

CVE-2026-41687 MEDIUM

Wallos: SSRF CGNAT Bypass in subscription/payments Logo URL — is_cgnat_ip() Not Used in Inline Checks

CVE-2026-41654 HIGH

Weblate is Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url

CVE-2026-41644 HIGH

monetr is vulnerable to server-side request forgery in Lunch Flow link creation and refresh

CVE-2026-41413 MEDIUM

Istio Vulnerable to SSRF via RequestAuthentication jwksUri

CVE-2026-42194 MEDIUM

Incomplete fix for CVE-2026-32812: SSRF in admidio

CVE-2026-44117 MEDIUM

OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot Direct Media Upload

CVE-2026-44116 HIGH

OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo Photo URL Validation

CVE-2026-43576 HIGH

OpenClaw < 2026.4.5 - Second-hop SSRF via CDP /json/version WebSocket URL

CVE-2026-20035 HIGH

Cisco Unity Connection Server-Side Request Forgery Vulnerability

CVE-2026-39383 HIGH

Gotenberg unauthenticated blind SSRF via unfiltered webhook URL

CVE-2026-35527 MEDIUM

Incus blind SSRF via image import preflight HEAD request

CVE-2026-40280 HIGH

Gotenberg SSRF via case-insensitive URL scheme bypass in webhook and downloadFrom deny-lists

CVE-2026-34084 CRITICAL

PhpSpreadsheet SSRF and RCE via PHP stream wrappers in IOFactory::load

CVE-2026-33975 HIGH

twenty-server SSRF protection bypass via IPv4-mapped IPv6 address normalization

CVE-2026-7412 HIGH

Eclipse BaSyx < 2.0.0-milestone-10 - Server-Side Request Forgery

CVE-2026-43573 HIGH

OpenClaw < 2026.4.10 - SSRF Policy Bypass in Existing-Session Browser Interaction Routes

CVE-2026-43527 HIGH

OpenClaw < 2026.4.14 - Server-Side Request Forgery via Private Network Navigation

CVE-2026-43526 HIGH

OpenClaw < 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL Handling

CVE-2026-42439 HIGH

OpenClaw < 2026.4.10 - SSRF Policy Bypass in Browser Tabs Action Routes

Previous Page 9 of 108 Next

Details

Vulnerabilities 2,678

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy