Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1539

1539 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2026-44313 LinkWarden: Server-Side Request Forgery (SSRF) in Link Creation via fetchTitleAndHeaders Function — linkwarden 9.1 Critical2026-05-08
CVE-2026-42352 pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber — pygeoapi 8.6 High2026-05-08
CVE-2026-42346 Postiz: TOCTOU DNS rebinding bypasses all SSRF URL validation paths — postiz-app 6.5 Medium2026-05-08
CVE-2026-42339 New API: SSRF Filter Bypass via 0.0.0.0 — new-api--2026-05-08
CVE-2026-44286 FastGPT: SSRF Vulnerability in Laf Workflow Node via Missing Internal Address Validation — FastGPT--2026-05-08
CVE-2026-44284 FastGPT: Stored MCP tool URL SSRF in FastGPT workflow execution — FastGPT 6.3 Medium2026-05-08
CVE-2026-42345 FastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dot — FastGPT 7.7 High2026-05-08
CVE-2026-42180 Lemmy: SSRF in /api/v3/post via Webmention dispatch — lemmy 6.3 Medium2026-05-08
CVE-2026-42181 Lemmy: SSRF and internal image disclosure in post link metadata via unvalidated og:image — lemmy 6.5 Medium2026-05-08
CVE-2026-44335 SSRF bypass in PraisonAI — PraisonAI--2026-05-08
CVE-2026-41423 Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server — angular--2026-05-08
CVE-2026-8034 Server-side request forgery vulnerability in GitHub Enterprise Server notebook viewer via URL parser confusion — Enterprise Server--2026-05-07
CVE-2026-41105 Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability — Azure Monitor Action Group notification system 8.1 High2026-05-07
CVE-2026-42449 n8n-MCP: IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embedders — n8n-mcp 8.5 High2026-05-07
CVE-2026-41905 FreeScout vulnerable to SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, allowing internal HTTP / cloud-metadata access — freescout 7.7 High2026-05-07
CVE-2026-8081 router-for-me CLIProxyAPI api_tools.go server-side request forgery — CLIProxyAPI 6.3 Medium2026-05-07
CVE-2026-41688 Incomplete fix for CVE-2026-33399: SSRF in Wallos — Wallos 7.7 High2026-05-07
CVE-2026-41687 Wallos: SSRF CGNAT Bypass in subscription/payments Logo URL — is_cgnat_ip() Not Used in Inline Checks — Wallos 4.3 Medium2026-05-07
CVE-2026-41413 Istio Vulnerable to SSRF via RequestAuthentication jwksUri — istio 5.0 Medium2026-05-07
CVE-2026-42194 Incomplete fix for CVE-2026-32812: SSRF in admidio — admidio 6.8 Medium2026-05-07
CVE-2026-44116 OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo Photo URL Validation — OpenClaw 8.6 High2026-05-06
CVE-2026-44117 OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot Direct Media Upload — OpenClaw 5.8 Medium2026-05-06
CVE-2026-20035 Cisco Unity Connection Server-Side Request Forgery Vulnerability — Cisco Unity Connection 7.2 High2026-05-06
CVE-2026-39383 Gotenberg unauthenticated blind SSRF via unfiltered webhook URL — gotenberg--2026-05-05
CVE-2026-35527 Incus blind SSRF via image import preflight HEAD request — incus--2026-05-05
CVE-2026-40280 Gotenberg SSRF via case-insensitive URL scheme bypass in webhook and downloadFrom deny-lists — gotenberg--2026-05-05
CVE-2026-33975 twenty-server SSRF protection bypass via IPv4-mapped IPv6 address normalization — twenty--2026-05-05
CVE-2026-7412 BaSyx Java Server SDK<2.0.0-M10反代未校验漏洞 — Eclipse BaSyx 8.6 High2026-05-05
CVE-2026-43527 OpenClaw < 2026.4.14 - Server-Side Request Forgery via Private Network Navigation — OpenClaw 7.7 High2026-05-05
CVE-2026-43526 OpenClaw < 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL Handling — OpenClaw 8.2 High2026-05-05

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1539 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.