Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1540

1540 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2026-28416 Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing — gradio 8.2 High2026-02-27
CVE-2026-3286 itwanger paicoding Image Save Endpoint ImageRestController.java save server-side request forgery — paicoding 6.3 Medium2026-02-27
CVE-2026-3270 psi-probe PSI Probe Whois Whois.java lookup server-side request forgery — PSI Probe 6.3 Medium2026-02-26
CVE-2026-28295 Gvfs: gvfs ftp backend: information disclosure via untrusted pasv responses — Red Hat Enterprise Linux 10 4.3 Medium2026-02-26
CVE-2026-27829 Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize — astro 6.5 Medium2026-02-26
CVE-2026-27945 ZITADEL has potential SSRF via Actions — zitadel 6.5AIMediumAI2026-02-26
CVE-2026-27808 Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API — mailpit 5.8 Medium2026-02-25
CVE-2026-24005 OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field — kruise--2026-02-25
CVE-2026-27795 LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader — langchainjs 4.1 Medium2026-02-25
CVE-2026-27739 Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline — angular-cli 9.8AICriticalAI2026-02-25
CVE-2026-3189 feiyuchuixue sz-boot-parent download server-side request forgery — sz-boot-parent 3.1 Low2026-02-25
CVE-2026-27706 Plane Vulnerable to Full Read SSRF via Favicon Fetching in "Add Link" Feature — plane 7.7 High2026-02-25
CVE-2026-27730 esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route — esm.sh 5.3AIMediumAI2026-02-25
CVE-2025-50180 esm.sh is vulnerable to full-response SSRF — esm.sh 7.5AIHighAI2026-02-25
CVE-2026-2479 Responsive Lightbox & Gallery <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload — Responsive Lightbox & Gallery 5.0 Medium2026-02-25
CVE-2026-3163 SourceCodester Website Link Extractor URL file_get_contents server-side request forgery — Website Link Extractor 6.3 Medium2026-02-25
CVE-2026-27696 changedetection.io Vulnerable to Server-Side Request Forgery (SSRF) via Watch URLs — changedetection.io 8.6 High2026-02-25
CVE-2026-27477 Mastodon has SSRF via unvalidated FASP Provider base_url — mastodon 6.5 -2026-02-24
CVE-2026-27732 AVideo has Authenticated Server-Side Request Forgery via downloadURL in aVideoEncoder.json.php — AVideo 8.1 -2026-02-24
CVE-2026-27567 Payload has Server-Side Request Forgery (SSRF) in External File URL Uploads — payload 6.5 Medium2026-02-24
CVE-2026-27129 Cloud Metadata SSRF Protection Bypass via IPv6 Resolution — cms 7.1AIHighAI2026-02-24
CVE-2026-3052 DataLinkDC dinky Flink Proxy Controller FlinkProxyController.java proxyUba server-side request forgery — dinky 6.3 Medium2026-02-24
CVE-2026-25545 Astro has Full-Read SSRF in error rendering via Host: header injection — astro 9.1 -2026-02-24
CVE-2026-3026 erzhongxmu JEEWMS UEditor getRemoteImage.jsp server-side request forgery — JEEWMS 7.3 High2026-02-23
CVE-2026-2985 Tiandy Video Surveillance System 视频监控平台 CLSBODownLoad.java downloadImage server-side request forgery — Video Surveillance System 视频监控平台 6.3 Medium2026-02-23
CVE-2026-2945 JeecgBoot uploadImgByHttp server-side request forgery — JeecgBoot 6.3 Medium2026-02-22
CVE-2026-27488 OpenClaw hardened cron webhook delivery against SSRF — openclaw 7.1 -2026-02-21
CVE-2026-27479 Wallos: SSRF via Redirect Bypass in Logo/Icon URL Fetch — Wallos 7.7 High2026-02-21
CVE-2019-25451 phpMoAdmin 1.1.5 Cross-Site Request Forgery via moadmin.php — phpMoAdmin 8.8 High2026-02-20
CVE-2025-69299 WordPress Oxygen theme <= 6.0.8 - Server Side Request Forgery (SSRF) vulnerability — Oxygen 7.2 High2026-02-20

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.