CWE-918: Server-Side Request Forgery (SSRF)
2,386 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE.
CVEs classified under CWE-918 (page 40 of 48)
- CVE-2026-10274 | LOW | CVSS 6.3 | EG 6.3 | 2026-06-01
A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of t…
- CVE-2026-10276 | MEDIUM | CVSS 6.3 | EG 6.3 | 2026-06-01
A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_status/get_build_log/trigger_build. Such manipulation leads to server-s…
- CVE-2026-10280 | HIGH | CVSS 7.3 | EG 7.3 | 2026-06-01
A security flaw has been discovered in horizon921 mcpilot 0.1.0. The impacted element is an unknown function of the file client/src/app/api/mcp/call/route.ts of the component MCP API Call Endpoint. The manipulation of the argument serverBa…
- CVE-2026-10287 | HIGH | CVSS 7.3 | EG 7.3 | 2026-06-01
A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function get_headers of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possib…
- CVE-2026-10517 | MEDIUM | CVSS 5.8 | EG 5.8 | 2026-06-01
A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured (opt-in, not enforced by defa…
- CVE-2026-10581 | MEDIUM | CVSS 6.3 | EG 6.3 | 2026-06-02
A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of …
- CVE-2026-10583 | MEDIUM | CVSS 4.7 | EG 4.7 | 2026-06-02
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configuration Endpoint. The manipulation leads t…
- CVE-2026-10586 | HIGH | CVSS 7.2 | EG 7.2 | 2026-06-04
The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the `save_ai_generated_image()` function. Thi…
- CVE-2026-1062 | MEDIUM | CVSS 6.3 | EG 6.3 | 2026-01-17
A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible …
- CVE-2026-10662 | MEDIUM | CVSS 6.3 | EG 6.3 | 2026-06-02
A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blender_mcp/server.py of the component ZIP File Handler. The manipulation o…
- CVE-2026-10690 | MEDIUM | CVSS 6.3 | EG 6.3 | 2026-06-02
A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read_file. Such manipulation of the argument url leads to server-side…
- CVE-2026-10771 | HIGH | CVSS 7.3 | EG 7.3 | 2026-06-03
A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulat…
- CVE-2026-11346 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-06-05
A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, …
- CVE-2026-11424 | HIGH | CVSS 8.3 | EG 8.3 | 2026-06-05
A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is treated as a URL by the server and used t…
- CVE-2026-1180 | MEDIUM | CVSS 5.8 | EG 5.8 | 2026-01-20
A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using private_key_jwt. The issue allows a client to specify an arbitrary jwks_uri, which Keycloak then retrieves without val…
- CVE-2026-1249 | MEDIUM | CVSS 5.0 | EG 5.0 | 2026-02-14
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'load_lyrics_ajax_callback' function. This makes it possible for auth…
- CVE-2026-1294 | HIGH | CVSS 7.2 | EG 7.2 | 2026-02-05
The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This make…
- CVE-2026-1343 | HIGH | CVSS 7.2 | EG 7.2 | 2026-04-08
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attac…
- CVE-2026-1356 | MEDIUM | CVSS 4.8 | EG 4.8 | 2026-02-12
The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.5.1 via the PassthruLoader::load_image_source function. This makes …
- CVE-2026-1518 | LOW | CVSS 2.7 | EG 2.7 | 2026-02-02
A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.
- CVE-2026-1884 | MEDIUM | CVSS 4.7 | EG 4.7 | 2026-02-04
A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The att…
- CVE-2026-20035 | HIGH | CVSS 7.2 | EG 7.2 | 2026-05-06
A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HT…
- CVE-2026-20041 | MEDIUM | CVSS 6.1 | EG 6.1 | 2026-04-01
A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to …
- CVE-2026-20230 | HIGH | CVSS 8.6 | EG 8.6 | 2026-06-03
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forger…
- CVE-2026-20958 | MEDIUM | CVSS 5.4 | EG 5.4 | 2026-01-13
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.
- CVE-2026-21433 | HIGH | CVSS 7.7 | EG 7.7 | 2026-01-02
Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http[:]//emblog/admin/medi…
- CVE-2026-21512 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-02-10
Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.
- CVE-2026-21859 | MEDIUM | CVSS 5.8 | EG 5.8 | 2026-01-08
Mailpit is an email testing tool and API for developers. Versions 1.28.0 and below have a Server-Side Request Forgery (SSRF) vulnerability in the /proxy endpoint, allowing attackers to make requests to internal network resources. The /prox…
- CVE-2026-21885 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-01-08
Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint (`GET /proxy/{encodedDigest}/{encodedURL}`) can be abused to perform Server-Side Request Forgery (SSRF). An authenticated user can cause Min…
- CVE-2026-22039 | CRITICAL | CVSS 9.9 | EG 9.9 | 2026-01-27
Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved `urlPath` is executed usi…
- CVE-2026-22219 | HIGH | CVSS 7.7 | EG 7.7 | 2026-01-20
Chainlit versions prior to 2.9.4 contain a server-side request forgery (SSRF) vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled u…
- CVE-2026-22245 | HIGH | CVSS 7.5 | EG 7.5 | 2026-01-08
Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP…
- CVE-2026-22247 | MEDIUM | CVSS 4.1 | EG 4.1 | 2026-02-04
GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5.
- CVE-2026-22358 | MEDIUM | CVSS 5.4 | EG 5.4 | 2026-01-22
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery. This issue affects Electrician - Electrical Service WordPress: from n/a through <= …
- CVE-2026-22482 | MEDIUM | CVSS 4.9 | EG 9.1 | 2026-01-22
Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery. This issue affects IMGspider: from n/a through <= 2.3.12.
- CVE-2026-22597 | LOW | CVSS 2.7 | EG 2.7 | 2026-01-10
Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost …
- CVE-2026-2264 | CRITICAL | CVSS 9.2 | EG 9.2 | 2026-05-26
A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens. For successful exploitation, an administrator m…
- CVE-2026-22662 | MEDIUM | CVSS 4.3 | EG 4.3 | 2026-04-03
prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attacke…
- CVE-2026-22664 | HIGH | CVSS 7.7 | EG 7.7 | 2026-04-03
prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled UR…
- CVE-2026-22772 | MEDIUM | CVSS 5.8 | EG 5.8 | 2026-01-12
Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio's metaRegex() function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and …
- CVE-2026-22805 | HIGH | CVSS 8.6 | EG 8.6 | 2026-01-12
Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subscriptions could be potentially impacted if their Metabase is colocated with other unsecured r…
- CVE-2026-23529 | HIGH | CVSS 7.7 | EG 7.7 | 2026-01-16
Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink …
- CVE-2026-23768 | MEDIUM | CVSS 6.1 | EG 6.1 | 2026-01-16
lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribut…
- CVE-2026-2377 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-04-08
A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary requests to internal network resources,…
- CVE-2026-23773 | MEDIUM | CVSS 4.3 | EG 4.3 | 2026-04-29
Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side requ…
- CVE-2026-23845 | MEDIUM | CVSS 5.8 | EG 5.8 | 2026-01-19
Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery (SSRF) via HTML Check CSS Download. The HTML Check feature (`/api/v1/message/{ID}/html-check`) is designed to a…
- CVE-2026-2393 | HIGH | CVSS 7.1 | EG 7.1 | 2026-05-11
A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The `_create_webhook()` function in `mlflow/server/handlers.py` accepts a user-controlled `url` parameter without validation, and the `_send_webho…
- CVE-2026-24048 | LOW | CVSS 3.5 | EG 3.5 | 2026-01-21
Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the `…
- CVE-2026-24117 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-01-22
Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because /api/v1/index/retrieve supports retrieving a public key via user-provided URL. Since the SSRF…
- CVE-2026-24138 | HIGH | CVSS 7.5 | EG 7.5 | 2026-01-23
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url pa…