Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1540

1540 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2026-43526 OpenClaw < 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL Handling — OpenClaw 8.2 High2026-05-05
CVE-2026-2948 Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem <= 3.5.3 - Authenticated (Contributor+) Server-Side Request Forgery via 'imageUrl' — Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem 6.4 Medium2026-05-05
CVE-2026-42140 Server-Side Request Forgery (SSRF) in PlantUML Macro via 'server' parameter — macro-plantuml 4.4 Medium2026-05-04
CVE-2026-7729 pixelsock directus-mcp MCP index.ts validateUrl server-side request forgery — directus-mcp 6.3 Medium2026-05-04
CVE-2026-6229 Royal Addons for Elementor <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery via CSV URL Parameter — Royal Addons for Elementor – Addons and Templates Kit for Elementor 7.2 High2026-05-02
CVE-2026-7605 JeecgBoot uploadImgByHttpEndpoint CommonController.java HttpFileToMultipartFileUtil.downloadImageData server-side request forgery — JeecgBoot 6.3 Medium2026-05-02
CVE-2026-7049 PixelYourSite Pro <= 12.5.0.1 - Unauthenticated Blind Server-Side Request Forgery via 'urls[]' Parameter — PixelYourSite Pro – Your smart PIXEL (TAG) Manager 7.2 High2026-05-02
CVE-2026-6812 Ona <= 1.26 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'download_link' Parameter — Ona 4.4 Medium2026-05-02
CVE-2026-7604 JeecgBoot OpenApi Service OpenApiController.java OpenApiController.call server-side request forgery — JeecgBoot 6.3 Medium2026-05-02
CVE-2026-7603 JeecgBoot LoadFile Endpoint FileDownloadUtils.jav checkPathTraversalBatch server-side request forgery — JeecgBoot 6.3 Medium2026-05-02
CVE-2026-42404 Apache Neethi: Unrestricted HTTP Redirect Following in Policy References — Apache Neethi 6.5 Medium2026-05-01
CVE-2026-3340 Server-Side Request Forgery (SSRF) in Langflow URL Component — Langflow Desktop 6.5 Medium2026-04-30
CVE-2026-7417 Algovate xhs-mcp MCP mcp.server.ts xhs_publish_content server-side request forgery — xhs-mcp 7.3 High2026-04-29
CVE-2026-42641 WordPress Share This Image plugin <= 2.14 - Server Side Request Forgery (SSRF) vulnerability — Share This Image 5.4 Medium2026-04-29
CVE-2026-23773 Dell Disk Library for Mainframe 代码问题漏洞 — Disk Library for mainframe DLm8700 4.3 Medium2026-04-29
CVE-2026-7305 Xuxueli xxl-job trigger Endpoint XxlJobServiceImpl.java triggerJob server-side request forgery — xxl-job 6.3 Medium2026-04-28
CVE-2026-42430 OpenClaw < 2026.4.8 - Strict Browser SSRF Bypass via Playwright Redirect Handling — OpenClaw 6.5 Medium2026-04-28
CVE-2026-41914 OpenClaw < 2026.4.8 - Server-Side Request Forgery in QQ Bot Media Fetch Paths — OpenClaw 8.5 High2026-04-28
CVE-2026-41912 OpenClaw < 2026.4.8 - Server-Side Request Forgery Policy Bypass via Interaction-Triggered Navigation — OpenClaw 7.6 High2026-04-28
CVE-2026-24231 NVIDIA NeMoClaw 代码问题漏洞 — NemoClaw 6.3 Medium2026-04-28
CVE-2026-7291 o2oa URL Fetching FileAction.java FileAction server-side request forgery — o2oa 6.3 Medium2026-04-28
CVE-2026-7223 BigSweetPotatoStudio HyperChat AI Proxy Middleware aiProxyMiddleware.mts fetch server-side request forgery — HyperChat 7.3 High2026-04-28
CVE-2026-7221 TencentCloudBase CloudBase-MCP open-url API Endpoint interactive-server.ts openUrl server-side request forgery — CloudBase-MCP 7.3 High2026-04-28
CVE-2026-7178 ChatGPTNextWeb NextChat Artifacts Endpoint route.ts storeUrl server-side request forgery — NextChat 7.3 High2026-04-27
CVE-2026-7177 ChatGPTNextWeb NextChat route.ts proxyHandler server-side request forgery — NextChat 7.3 High2026-04-27
CVE-2026-7158 dmitryglhf mcp-url-downloader server.py _validate_url_safe server-side request forgery — mcp-url-downloader 7.3 High2026-04-27
CVE-2026-7150 dh1011 auto-favicon MCP Tool server.py generate_favicon_from_url server-side request forgery — auto-favicon 6.3 Medium2026-04-27
CVE-2026-7147 JoeCastrom mcp-chat-studio LLM Models API llm.js server-side request forgery — mcp-chat-studio 7.3 High2026-04-27
CVE-2026-7146 AlejandroArciniegas mcp-data-vis HTTP Request server.js axios server-side request forgery — mcp-data-vis 7.3 High2026-04-27
CVE-2026-7094 ShadowCloneLabs GlutamateMCPServers puppeteer_navigate index.ts server-side request forgery — GlutamateMCPServers 7.3 High2026-04-27

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.