
CWE-918 (Server-Side Request Forgery (SSRF)) — Vulnerability Class

1540 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
Confidentiality: Read Application Data
Integrity: Execute Unauthorized Code or Commands
Access Control: Bypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.

Bad · PHP
    <?php
    $url = $_GET['url']; # User-controlled input, passed straight to the fetch
    # Fetch the content of the provided URL (no destination check at all)
    $response = file_get_contents($url);
    echo $response;

Good · PHP
    <?php
    # Define allowed URLs (or domains): an exact-match allowlist
    $allowed_urls = [
        'https://example.com/data.json',
        'https://api.example.com/info',
    ];
    # Get the user-provided URL
    $url = $_GET['url'] ?? '';
    # Validate against allowed URLs (strict comparison, no type juggling)
    if (!in_array($url, $allowed_urls, true)) {
        http_response_code(400);
        echo "Invalid or unauthorized URL.";
        exit;
    }
    # Fetch content safely
    $response = @file_get_contents($url);
    if ($response === false) {
        http_response_code(500);
        echo "Failed to fetch content.";
        exit;
    }
    echo htmlspecialchars($response); # Escape output for safety
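The exact-match allowlist above is the safest form of the check, but many applications must fetch arbitrary paths from a small set of approved hosts. The following added example (written for this page, not MITRE's or any listed project's code) generalizes the check to a scheme and host allowlist plus a verification that the host resolves only to public addresses, so loopback, RFC 1918 and link-local ranges such as the cloud metadata address described above are refused even if they sneak into DNS. The allowed hosts and the injectable resolver are assumptions for the demonstration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed example values: hosts and schemes this service may fetch from.
ALLOWED_HOSTS = {"example.com", "api.example.com"}
ALLOWED_SCHEMES = {"https"}


def is_public_address(ip):
    """True only for globally routable addresses: rejects loopback, private
    (10/8, 172.16/12, 192.168/16), link-local (169.254/16, which includes the
    cloud metadata endpoint), multicast, reserved and unspecified ranges."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def validate_outbound_url(url, resolve=None):
    """Return (ok, reason) for a user-supplied URL the server is asked to fetch.

    `resolve` maps a hostname to a list of IP strings. It defaults to a real
    DNS lookup; tests inject a fake resolver so the check runs offline.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"          # no file://, gopher://, etc.
    if parts.username or parts.password:
        return False, "userinfo not allowed"        # blocks user@host confusion
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return False, "host not allowlisted"        # raw IPs fail here too
    if parts.port not in (None, 443):
        return False, "port not allowed"            # no internal-port scanning
    if resolve is None:
        resolve = lambda h: [r[4][0] for r in socket.getaddrinfo(h, None)]
    try:
        ips = resolve(host)
    except OSError:
        return False, "resolution failed"
    # Every address must be public; one private A/AAAA record is enough to refuse.
    if not ips or not all(is_public_address(ip) for ip in ips):
        return False, "resolves to non-public address"
    return True, "ok"
```

Validating the name and then letting the HTTP client resolve it again leaves a DNS-rebinding window, so the fetch should connect to the address that passed the check. Automatic redirects must also be disabled, with each redirect target run through the same validation.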
CVE ID · Title — Product · CVSS · Severity · Published
CVE-2026-4215 · FlowCI flow-core-x SMTP Host ConfigServiceImpl.java save server-side request forgery — flow-core-x · 6.3 · Medium · 2026-03-16
CVE-2026-4200 · glowxq glowxq-oj ProblemCaseController.java uploadTestcaseZipUrl server-side request forgery — glowxq-oj · 7.3 · High · 2026-03-16
CVE-2026-32412 · WordPress Gift Up Gift Cards for WordPress and WooCommerce plugin <= 3.1.7 - Server Side Request Forgery (SSRF) vulnerability — Gift Up Gift Cards for WordPress and WooCommerce · 5.4 · Medium · 2026-03-13
CVE-2026-32357 · WordPress Simple Blog Card plugin <= 2.37 - Server Side Request Forgery (SSRF) vulnerability — Simple Blog Card · 6.4 · Medium · 2026-03-13
CVE-2026-32353 · WordPress MailerPress plugin <= 1.4.2 - Server Side Request Forgery (SSRF) vulnerability — MailerPress · 6.4 · Medium · 2026-03-13
CVE-2026-32349 · WordPress Embed PDF Viewer plugin <= 2.4.7 - Server Side Request Forgery (SSRF) vulnerability — Embed PDF Viewer · 4.9 · Medium · 2026-03-13
CVE-2026-32301 · Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL — centrifugo · 9.3 · Critical · 2026-03-12
CVE-2026-32236 · @backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch — plugin-auth-backend · 7.5 · - · 2026-03-12
CVE-2026-21887 · OpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature — opencti · 7.7 · High · 2026-03-12
CVE-2026-3966 · 648540858 wvp-GB28181-pro IP Address ABLMediaNodeServerService.java getDownloadFilePath server-side request forgery — wvp-GB28181-pro · 6.3 · Medium · 2026-03-12
CVE-2026-3961 · zyddnys manga-image-translator Translate Endpoints request_extraction.py to_pil_image server-side request forgery — manga-image-translator · 6.3 · Medium · 2026-03-11
CVE-2026-32133 · 2FAuth has Blind SSRF in image parameter allows internal network access and more — 2FAuth · 7.1 (AI) · High (AI) · 2026-03-11
CVE-2026-3958 · Woahai321 ListSync JSON api_server.py requests.post server-side request forgery — ListSync · 6.3 · Medium · 2026-03-11
CVE-2026-32111 · ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle — ha-mcp · 5.3 · Medium · 2026-03-11
CVE-2026-32110 · SiYuan has a Full-Read SSRF via /api/network/forwardProxy — siyuan · 8.3 · High · 2026-03-11
CVE-2026-32096 · Plunk has SSRF via unvalidated AWS SNS SubscriptionConfirmation in POST /webhooks/sns — plunk · 9.3 · Critical · 2026-03-11
CVE-2026-31974 · Blind SSRF on OpenProject instance via webhooks — openproject · 3.0 · Low · 2026-03-11
CVE-2026-31959 · SSRF in Quill via unvalidated URL from Apple notarization log retrieval — quill · 5.3 · Medium · 2026-03-11
CVE-2026-31878 · Frappe: Possible SSRF by any authenticated user — frappe · 5.0 · Medium · 2026-03-11
CVE-2026-21293 · Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918) — Adobe Commerce · 5.5 · Medium · 2026-03-11
CVE-2026-21294 · Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918) — Adobe Commerce · 5.5 · Medium · 2026-03-11
CVE-2026-31829 · Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access — Flowise · 7.1 · High · 2026-03-10
CVE-2026-30953 · LinkAce affected by SSRF via link creation: NoPrivateIpRule not applied to LinkStoreRequest — LinkAce · 7.7 · High · 2026-03-10
CVE-2026-27826 · MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers — mcp-atlassian · 8.2 · High · 2026-03-10
CVE-2026-26118 · Azure MCP Server Tools Elevation of Privilege Vulnerability — Azure MCP Server Tools 1.0.0 (npm) · 8.8 · High · 2026-03-10
CVE-2026-26121 · Azure IOT Explorer Spoofing Vulnerability — Azure IoT Explorer · 7.5 · High · 2026-03-10
CVE-2026-24316 · Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP — SAP NetWeaver Application Server for ABAP · 6.4 · Medium · 2026-03-10
CVE-2026-25960 · SSRF Protection Bypass in vLLM — vllm · 7.1 · High · 2026-03-09
CVE-2026-3588 · Server-Side Request Forgery (SSRF) in ikea dirigera — dirigera · 7.5 · High · 2026-03-09
CVE-2026-3789 · Bytedesk SpringAIGiteeRestController SpringAIGiteeRestService.java getModels server-side request forgery — Bytedesk · 6.3 · Medium · 2026-03-08

Vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.