Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1540

1540 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2026-26324 OpenClaw has a SSRF guard bypass via full-form IPv4-mapped IPv6 (loopback / metadata reachable) — openclaw 7.5 High2026-02-19
CVE-2026-26322 OpenClaw Gateway tool allowed unrestricted gatewayUrl override — openclaw 7.6 High2026-02-19
CVE-2025-8055 SSRF vulnerability have been discovered in OpenText™ XM Fax — XM Fax 9.1AICriticalAI2026-02-19
CVE-2026-26286 SillyTavern has Server-Side Request Forgery (SSRF) via Asset Download Endpoint that Allows Reading Internal Services — SillyTavern 6.5 -2026-02-19
CVE-2026-26339 Hyland Alfresco Transformation Service Argument Injection RCE — Alfresco Transformation Service (Enterprise) 9.8 Critical2026-02-19
CVE-2026-26338 Hyland Alfresco Transformation Service SSRF — Alfresco Transformation Service (Enterprise) 9.8 Critical2026-02-19
CVE-2026-2274 Arbitrary File Read and SSRF in Google AppSheet — AppSheet Web (Main Server) 6.5AIMediumAI2026-02-19
CVE-2026-25428 WordPress TS Poll plugin <= 2.5.5 - Server Side Request Forgery (SSRF) vulnerability — TS Poll 4.4 Medium2026-02-19
CVE-2026-25385 WordPress URL Shortify plugin <= 1.12.3 - Server Side Request Forgery (SSRF) vulnerability — URL Shortify 5.5 Medium2026-02-19
CVE-2026-25310 WordPress Extend Link plugin <= 2.0.0 - Server Side Request Forgery (SSRF) vulnerability — Extend Link 4.9 Medium2026-02-19
CVE-2026-23803 WordPress Smart Auto Upload Images plugin <= 1.2.2 - Server Side Request Forgery (SSRF) vulnerability — Smart Auto Upload Images 7.2 Medium2026-02-19
CVE-2026-2711 zhutoutoutousan worldquant-miner URL ssrf_proxy.py server-side request forgery — worldquant-miner 5.6 Medium2026-02-19
CVE-2025-12375 Printful Integration for WooCommerce <= 2.2.11 - Authenticated (Contributor+) Server-Side Request Forgery — Printful Integration for WooCommerce 6.4 Medium2026-02-19
CVE-2026-2654 huggingface smolagents LocalPythonExecutor requests.post server-side request forgery — smolagents 6.3 Medium2026-02-18
CVE-2026-1857 Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor 4.3 Medium2026-02-18
CVE-2025-36243 Multiple Vulnerabilities in IBM Concert Software. — Concert 5.4 Medium2026-02-17
CVE-2026-2558 GeekAI net_handler.go Download server-side request forgery — GeekAI 6.3 Medium2026-02-16
CVE-2026-2556 cskefu Endpoint MediaController.java server-side request forgery — cskefu 6.3 Medium2026-02-16
CVE-2026-2532 lintsinghua DeepAudit IP Address embedding_config.py server-side request forgery — DeepAudit 6.3 Medium2026-02-16
CVE-2026-2531 MindsDB File Upload security.py clear_filename server-side request forgery — MindsDB 6.3 Medium2026-02-16
CVE-2026-1249 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 5.3 - 5.10 - Authenticated (Author+) Server-Side Request Forgery — MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 5.0 Medium2026-02-14
CVE-2026-0745 User Language Switch <= 1.6.10 - Authenticated (Administrator+) Server-Side Request Forgery via 'info_language' Parameter — User Language Switch 5.5 Medium2026-02-14
CVE-2026-25991 Tandoor Recipes affected by Blind SSRF with Internal Network Access via Recipe Import — recipes 7.7 High2026-02-13
CVE-2026-26005 ClipBucket v5 enables internal network scans via an SSRF vulnerability — clipbucket-v5 5.0 Medium2026-02-12
CVE-2026-1356 Converter for Media – Optimize images | Convert WebP & AVIF <= 6.5.1 - Unauthenticated Server-Side Request Forgery via src — Converter for Media – Optimize images | Convert WebP & AVIF 4.8 Medium2026-02-12
CVE-2026-26019 @langchain/community affected by SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation — langchainjs 4.1 Medium2026-02-11
CVE-2025-12073 Server-Side Request Forgery (SSRF) in GitLab — GitLab 4.3 Medium2026-02-11
CVE-2025-12575 Server-Side Request Forgery (SSRF) in GitLab — GitLab 5.4 Medium2026-02-11
CVE-2026-25870 DoraCMS <= 3.1 UEditor Remote Image Fetch SSRF — DoraCMS 5.8 Medium2026-02-10
CVE-2026-26013 LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages — langchain 3.7 Low2026-02-10

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.