Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1540

1540 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2026-33126 Frigate has SSRF vulnerability in /ffprobe endpoint — frigate 5.0 Medium2026-03-20
CVE-2026-33081 PinchTab has Blind SSRF via browser-side redirect bypass in /download URL validation — pinchtab 5.8 Medium2026-03-20
CVE-2026-33060 CKAN MCP Server: SSRF via base_url allows access to internal networks — ckan-mcp-server 5.3 Medium2026-03-20
CVE-2026-33039 AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy — AVideo 8.6 High2026-03-20
CVE-2026-33024 AVideo-Encoder has Unauthenticated Blind Server-Side Request Forgery via Public Thumbnail Generator — AVideo-Encoder 9.8 -2026-03-20
CVE-2026-32949 SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL — SQLBot 7.5 -2026-03-20
CVE-2026-32812 Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint — admidio 6.8 Medium2026-03-20
CVE-2026-32828 Kargo: SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration — kargo 9.1 -2026-03-20
CVE-2026-29107 SuiteCRM vulnerable to authenticated SSRF via PDF export — SuiteCRM 5.0 Medium2026-03-19
CVE-2026-29097 SuiteCRM Server-Side Request Forgery and Denial of Service via RSS Feed Dashlet — SuiteCRM 6.5 -2026-03-19
CVE-2026-32037 OpenClaw < 2026.2.22 - Redirect Chain Bypass of Media Host Allowlist in MSTeams Attachment Handling — OpenClaw 6.0 Medium2026-03-19
CVE-2026-32019 OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard — OpenClaw 7.4 High2026-03-19
CVE-2026-26137 Microsoft Exchange Elevation of Privilege Vulnerability — Microsoft Exchange Online 9.9 Critical2026-03-19
CVE-2026-26120 Microsoft Bing Tampering Vulnerability — Microsoft Bing 6.5 Medium2026-03-19
CVE-2026-26138 Microsoft Purview Elevation of Privilege Vulnerability — Microsoft Purview 8.6 High2026-03-19
CVE-2026-26139 Microsoft Purview Elevation of Privilege Vulnerability — Microsoft Purview 8.6 High2026-03-19
CVE-2026-32169 Azure Cloud Shell Elevation of Privilege Vulnerability — Azure Cloud Shell 10.0 Critical2026-03-19
CVE-2026-33321 OpenEMR has Out-of-Band Server-Side Request Forgery (OOB SSRF) — openemr 7.6 -2026-03-19
CVE-2025-71259 BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Blind SSRF in externalfeed/RSS — FootPrints 4.3 Medium2026-03-19
CVE-2025-71258 BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Blind SSRF in searchWeb — FootPrints 4.3 Medium2026-03-19
CVE-2026-31989 OpenClaw < 2026.3.1 - Server-Side Request Forgery via web_search Citation Redirect — OpenClaw 7.4 High2026-03-19
CVE-2026-32255 Kan is Vulnerable to Unauthenticated SSRF via Attachment Download Endpoint — kan 8.6 High2026-03-18
CVE-2026-4366 Keycloak-services: blind server-side request forgery (ssrf) via http redirect handling in keycloak — Red Hat Build of Keycloak 5.8 Medium2026-03-18
CVE-2026-22181 OpenClaw < 2026.3.2 - DNS Pinning Bypass via Environment Proxy Configuration in web_fetch — OpenClaw 7.6 High2026-03-18
CVE-2026-25534 Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames — clouddriver-artifacts 9.1 Critical2026-03-17
CVE-2026-4308 frdel/agent0ai agent-zero document_query.py handle_pdf_document server-side request forgery — agent-zero 6.3 Medium2026-03-17
CVE-2026-4284 taoofagi easegen-admin PPT File PPTUtil.java downloadFile server-side request forgery — easegen-admin 4.7 Medium2026-03-16
CVE-2026-2455 SSRF bypass via IPv4-mapped IPv6 literals — Mattermost 4.3 Medium2026-03-16
CVE-2025-69239 Server-Site Request Forgery in Raytha CMS — Raytha 3.8 -2026-03-16
CVE-2026-4231 vanna-ai vanna Endpoint __init__.py run_sql server-side request forgery — vanna 7.3 High2026-03-16

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.