Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1540

1540 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2026-21512 Azure DevOps Server Cross-Site Scripting Vulnerability — Azure DevOps Server 2022 6.5 Medium2026-02-10
CVE-2025-11242 SSRF in Teknolist Computer's Okulistik — Okulistik 9.8 Critical2026-02-10
CVE-2026-25765 Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url — faraday 5.8 Medium2026-02-09
CVE-2026-25528 LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection — langsmith-sdk 5.8 Medium2026-02-09
CVE-2026-25494 Craft has a SSRF in GraphQL Asset Mutation via Alternative IP Notation — cms 7.5AIHighAI2026-02-09
CVE-2026-25493 Craft has a SSRF in GraphQL Asset Mutation via HTTP Redirect — cms 9.1AICriticalAI2026-02-09
CVE-2026-25492 Craft has a save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host — cms 6.5AIMediumAI2026-02-09
CVE-2026-0632 Fluent Forms Pro Add On Pack <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource' — Fluent Forms Pro Add On Pack 5.4 Medium2026-02-09
CVE-2026-25904 Overly permissive Deno configuration in mcp-run-python leads to SSRF 5.8 Medium2026-02-09
CVE-2026-25123 Homarr affected by Unauthenticated SSRF / Port-Scan Primitive via widget.app.ping — homarr 5.3 Medium2026-02-06
CVE-2026-25580 Pydantic AI Affected by Server-Side Request Forgery (SSRF) in URL Download Handling — pydantic-ai 8.6 High2026-02-06
CVE-2025-68157 webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects — webpack 3.7 Low2026-02-05
CVE-2025-68458 webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior — webpack 3.7 Low2026-02-05
CVE-2026-1294 All In One Image Viewer Block <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy Endpoint — All In One Image Viewer Block – Gutenberg block to create image viewer with hyperlink 7.2 High2026-02-05
CVE-2025-62616 AutoGPT has SSRF vulnerability in SendDiscordFileBlock — AutoGPT 8.1AIHighAI2026-02-04
CVE-2025-62615 AutoGPT has SSRF vulnerability in ReadRSSFeedBlock — AutoGPT 9.1AICriticalAI2026-02-04
CVE-2026-1884 ZenTao Webhook model.php fetchHook server-side request forgery — ZenTao 4.7 Medium2026-02-04
CVE-2026-25511 Group-Office is vulnerable to SSRF and File Read in WOPI service discovery — groupoffice 6.8AIMediumAI2026-02-04
CVE-2026-22247 GLPI is Vulnerable to SSRF via Webhooks — glpi 4.1 Medium2026-02-04
CVE-2026-24961 WordPress Grand Blog theme < 3.1.5 - Server Side Request Forgery (SSRF) vulnerability — Grand Blog 5.4 Medium2026-02-03
CVE-2025-13096 XML eXternal Entity injection (XXE) vulnerability affect IBM Business Automation Workflow - — Business Automation Workflow containers 7.1 High2026-02-02
CVE-2026-1518 Keycloak: blind server-side request forgery (ssrf) via ciba backchannel notification endpoint in keycloak — Red Hat Build of Keycloak 2.7 Low2026-02-02
CVE-2026-24902 TrustTunnel has SSRF and private network restriction bypass via numeric address destinations — TrustTunnel 7.1 High2026-01-29
CVE-2026-24767 NocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL Functionality — nocodb 4.9 Medium2026-01-28
CVE-2025-68662 FinalDestination hostname matching allows SSRF protection bypass — discourse 7.6 High2026-01-28
CVE-2020-36944 ILIAS Learning Management System 4.3 - SSRF — ILIAS Learning Management System 4.0 Medium2026-01-28
CVE-2025-14610 TableMaster for Elementor <= 1.3.6 - Authenticated (Author+) Server-Side Request Forgery via 'csv_url' Parameter — TableMaster for Elementor – Advanced Responsive Tables for Elementor 7.2 High2026-01-28
CVE-2026-24779 vLLM vulnerable to Server-Side Request Forgery (SSRF) in `MediaConnector` — vllm 7.1 High2026-01-27
CVE-2026-24736 Squidex has Server-Side Request Forgery (SSRF) Issue in Webhook Configuration — squidex 9.1 Critical2026-01-27
CVE-2026-0746 AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery — AI Engine – The Chatbot, AI Framework & MCP for WordPress 6.4 Medium2026-01-27

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.