CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,441 vulnerabilities with CWE-918
CVE-2026-4789 (CRITICAL, CVSS 9.8): Kyverno < 1.16.0 - SSRF
CVE-2026-27018 (HIGH, CVSS 7.5): Gotenberg: Chromium deny-list bypass via case-insensitive URL scheme
CVE-2026-31804 (MEDIUM, CVSS 4.0): Tautulli: Unauthenticated pms_image_proxy endpoint proxies arbitrary HTTP requests through the Plex Media Server
CVE-2026-29925 (HIGH, CVSS 7.7): Invoice Ninja 5.12.46/5.12.48 - SSRF
CVE-2026-5126 (MEDIUM, CVSS 6.3): SourceCodester RSS Feed Parser file_get_contents server-side request forgery
CVE-2026-29954 (HIGH, CVSS 7.6): KubePlus 4.1.4 - SSRF
CVE-2026-2286 (CRITICAL, CVSS 9.8): CrewAI 1.0 - SSRF in RAG Search Tools
CVE-2026-0560 (HIGH, CVSS 7.5): Server-Side Request Forgery (SSRF) in parisneo/lollms
CVE-2026-5016 (HIGH, CVSS 7.3): elecV2 elecV2P URL mock eAxios server-side request forgery
CVE-2026-33992 (MEDIUM, CVSS 6.5): pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration
CVE-2026-33953 (HIGH, CVSS 8.5): LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce
CVE-2026-31945 (HIGH, CVSS 7.7): LibreChat Server-Side Request Forgery using DNS resolution
CVE-2026-31943 (HIGH, CVSS 8.5): LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP
CVE-2026-4964 (MEDIUM, CVSS 6.3): letta-ai letta File URL message_helper.py _convert_message_create_to_message server-side request forgery
CVE-2026-4953 (HIGH, CVSS 7.3): mingSoft MCMS Editor Endpoint BaseAction.java catchImage server-side request forgery
CVE-2026-33766 (MEDIUM, CVSS 6.5): AVideo has SSRF Protection Bypass via HTTP Redirect in Image Download Endpoints
CVE-2026-33205 (MEDIUM, CVSS 5.5): calibre has Server-Side Request Forgery in ebook viewer backend
CVE-2026-30637 (HIGH, CVSS 7.5): OTCMS V7.66 - SSRF
CVE-2026-22742 (HIGH, CVSS 8.6): Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching
CVE-2026-4907 (MEDIUM, CVSS 6.3): Page-Replica Page Replica Endpoint sitemap sitemap.fetch server-side request forgery
CVE-2026-33693 (MEDIUM, CVSS 6.5): Lemmy's Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()
CVE-2026-33682 (MEDIUM, CVSS 4.7): Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)
CVE-2026-3530 (MEDIUM, CVSS 4.3): OpenID Connect / OAuth client - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-025
CVE-2026-33644 (MEDIUM, CVSS 4.3): Lychee has SSRF bypass via DNS rebinding — PhotoUrlRule only validates IP addresses, not hostnames resolving to internal IPs
CVE-2026-33619 (MEDIUM, CVSS 4.1): PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl