Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1540

1540 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2025-9522 Blind Server-Side Request Forgery (SSRF) in Omada Controller — Omada Controller 7.5AIHighAI2026-01-26
CVE-2026-0807 Frontis Blocks <= 1.1.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter — Frontis Blocks — Block Library for the Block Editor 7.2 High2026-01-24
CVE-2026-24548 WordPress Radio Player plugin <= 2.0.91 - Server Side Request Forgery (SSRF) vulnerability — Radio Player 5.4 Medium2026-01-23
CVE-2026-24138 FOG vulnerable to unauthenticated SSRF via `/fog/service/getversion.php` — fogproject 7.5 High2026-01-23
CVE-2026-24117 Rekor affected by Server-Side Request Forgery (SSRF) via provided public key URL — rekor 5.3 Medium2026-01-22
CVE-2026-24381 WordPress PhotoMe theme < 5.7.2 - Server Side Request Forgery (SSRF) vulnerability — PhotoMe 5.4 Medium2026-01-22
CVE-2026-24360 WordPress Seriously Simple Podcasting plugin <= 3.14.1 - Server Side Request Forgery (SSRF) vulnerability — Seriously Simple Podcasting 4.4 Medium2026-01-22
CVE-2026-22482 WordPress IMGspider plugin <= 2.3.12 - Server Side Request Forgery (SSRF) vulnerability — IMGspider 4.9 Medium2026-01-22
CVE-2026-22358 WordPress Electrician - Electrical Service WordPress theme <= 5.6 - Server Side Request Forgery (SSRF) vulnerability — Electrician - Electrical Service WordPress 5.4 Medium2026-01-22
CVE-2025-68030 WordPress Frontis Blocks plugin <= 1.1.5 - Server Side Request Forgery (SSRF) vulnerability — Frontis Blocks 7.2 High2026-01-22
CVE-2025-67961 WordPress WPO365 plugin <= 40.0 - Server Side Request Forgery (SSRF) vulnerability — WPO365 6.4 Medium2026-01-22
CVE-2025-64252 WordPress ANAC XML Viewer plugin <= 1.8.2 - Server Side Request Forgery (SSRF) vulnerability — ANAC XML Viewer 4.9 Medium2026-01-22
CVE-2025-62741 WordPress Pool Services theme <= 3.3 - Server Side Request Forgery (SSRF) vulnerability — Pool Services 5.4 Medium2026-01-22
CVE-2026-24048 Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow` — backstage 3.5 Low2026-01-21
CVE-2026-1180 Org.keycloak.protocol.oidc: blind server-side request forgery (ssrf) in keycloak oidc dynamic client registration via jwks_uri — Red Hat build of Keycloak 26.4 5.8 Medium2026-01-20
CVE-2026-22219 Chainlit < 2.9.4 SQLAlchemy Data Layer SSRF via /project/element — Chainlit 8.1AIHighAI2026-01-19
CVE-2026-23845 Mailpit Vulnerable to Server-Side Request Forgery (SSRF) via HTML Check API — mailpit 5.8 Medium2026-01-19
CVE-2026-1062 xiweicheng TMS HtmlUtil.java summary server-side request forgery — TMS 6.3 Medium2026-01-17
CVE-2026-0682 Church Admin <= 5.0.28 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter — Church Admin 2.2 Low2026-01-17
CVE-2025-15104 Nu Html Checker (validator.nu) - Restriction bypass vulnerability allowing local SSRF — The Nu Html Checker 7.5 -2026-01-16
CVE-2025-14793 DK PDF – WordPress PDF Generator <= 2.3.0 - Authenticated (Author+) Server-Side Request Forgery — DK PDF – WordPress PDF Generator 5.0 Medium2026-01-16
CVE-2026-23768 Lucy-XSS 安全漏洞 — lucy-xss-filter--2026-01-16
CVE-2021-47776 Umbraco v8.14.1 - 'baseUrl' SSRF — Umbraco 5.3 Medium2026-01-15
CVE-2026-0600 Nexus Repository 3 - Server-Side Request Forgery in Proxy Repository Configuration — Nexus Repository 4.9AIMediumAI2026-01-14
CVE-2026-0532 External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector — Kibana 8.6 High2026-01-14
CVE-2025-14613 GetContentFromURL <= 1.0 - Authenticated (Contributor+) Server-Side Request Forgery via 'url' Shortcode Attribute — GetContentFromURL 7.2 High2026-01-14
CVE-2026-20958 Microsoft SharePoint Information Disclosure Vulnerability — Microsoft SharePoint Enterprise Server 2016 5.4 Medium2026-01-13
CVE-2025-67685 Fortinet FortiSandbox 代码问题漏洞 — FortiSandbox 3.4 Low2026-01-13
CVE-2026-22805 Metabase channel test endpoint can reach internal local addresses — metabase 8.2AIHighAI2026-01-12
CVE-2026-22772 Fulcio vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass — fulcio 5.8 Medium2026-01-12

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.