
CWE-918 (Server-Side Request Forgery (SSRF)) - Vulnerability Class (1539 CVEs)

1539 vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
Confidentiality: Read Application Data
Integrity: Execute Unauthorized Code or Commands
Access Control: Bypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
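The consequence described above, the server acting as a proxy towards internal hosts and ports, also gives a defender something concrete to look for in egress logs from the application tier. The Python below is an added example, not code from this page or from any listed vendor; its key=value log format and every log line are constructed for the demo. It raises one finding for any outbound request to a non-global address (loopback, RFC 1918, link-local such as the cloud metadata address) and another when a single source touches several distinct ports on one destination, which is the trace a server used for port scanning leaves behind.

```python
"""Egress-log detection for SSRF abuse patterns (added example, constructed data).

Reads key=value egress records from the application tier and flags:
  * internal_destination: an outbound request to a non-global address
    (loopback, RFC 1918, link-local such as 169.254.169.254);
  * port_scan_pattern: one source touching PORT_SCAN_THRESHOLD or more
    distinct ports on a single destination.
The log format and every line are constructed for this demo.
"""
import ipaddress
from collections import defaultdict

PORT_SCAN_THRESHOLD = 3  # distinct ports on one destination from one source

# Constructed sample: app-01 is fetching user-supplied URLs; app-02 only
# talks to a public API and should produce no finding.
SAMPLE_LOG = """\
2026-04-10T12:00:01Z src=app-01 dst=93.184.216.34 dport=443 host=api.example.com status=200
2026-04-10T12:00:02Z src=app-01 dst=169.254.169.254 dport=80 host=169.254.169.254 status=200
2026-04-10T12:00:03Z src=app-01 dst=10.0.0.5 dport=22 host=10.0.0.5 status=0
2026-04-10T12:00:03Z src=app-01 dst=10.0.0.5 dport=80 host=10.0.0.5 status=0
2026-04-10T12:00:04Z src=app-01 dst=10.0.0.5 dport=443 host=10.0.0.5 status=0
2026-04-10T12:00:04Z src=app-01 dst=10.0.0.5 dport=6379 host=10.0.0.5 status=0
2026-04-10T12:00:05Z src=app-02 dst=93.184.216.34 dport=443 host=api.example.com status=200
"""


def parse_line(line: str) -> dict:
    """'ts k=v k=v ...' -> dict with the timestamp under 'ts'."""
    ts, *fields = line.split()
    rec = {"ts": ts}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def is_internal(addr: str) -> bool:
    """Non-global addresses count as internal for this rule; unparsable -> False."""
    try:
        return not ipaddress.ip_address(addr).is_global
    except ValueError:
        return False


def analyze(log_text: str) -> list:
    """Return a list of finding tuples for the given log text."""
    findings = []
    seen_internal = set()       # one internal_destination finding per (src, dst)
    ports = defaultdict(set)    # (src, dst) -> distinct destination ports seen
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        src, dst, dport = rec["src"], rec["dst"], int(rec["dport"])
        if is_internal(dst) and (src, dst) not in seen_internal:
            seen_internal.add((src, dst))
            findings.append(("internal_destination", src, dst))
        ports[(src, dst)].add(dport)
    for (src, dst), seen_ports in ports.items():
        if len(seen_ports) >= PORT_SCAN_THRESHOLD:
            findings.append(("port_scan_pattern", src, dst, len(seen_ports)))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(*finding)
```

On the constructed sample this yields three findings, all for app-01: the metadata address, the 10.0.0.5 host, and a port-scan pattern on 10.0.0.5 across four ports. The threshold is deliberately low for the demo; in production it would be tuned against the application's normal egress profile, and the public-destination lines would be correlated with an allowlist like the one in the mitigation guidance.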
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.

Bad · PHP
    $url = $_GET['url']; # User-controlled input
    # Fetch the content of the provided URL
    $response = file_get_contents($url);
    echo $response;

Good · PHP
    # Define allowed URLs (or domains)
    $allowed_urls = [
        'https://example.com/data.json',
        'https://api.example.com/info',
    ];
    # Get the user-provided URL
    $url = $_GET['url'] ?? '';
    # Validate against allowed URLs (strict comparison, exact match only)
    if (!in_array($url, $allowed_urls, true)) {
        http_response_code(400);
        echo "Invalid or unauthorized URL.";
        exit;
    }
    # Fetch content safely
    $response = @file_get_contents($url);
    if ($response === false) {
        http_response_code(500);
        echo "Failed to fetch content.";
        exit;
    }
    echo htmlspecialchars($response); # Escape output for safety
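The PHP sample above allows only two exact URLs, which is the safest policy when the set of targets is fixed. When an application must accept arbitrary paths on a few partner hosts, the check has to go further than string matching: the allowlisted domains and protocols from the mitigation guidance, no credentials in the URL, only the expected port, a check that every address the hostname resolves to is publicly routable (so an allowed name that points at a loopback, private, link-local or cloud-metadata address is still refused), and the same validation on every redirect hop. The Python below is an added example, not code from this page or from any listed project; the allowlisted hostnames, DNS records and HTTP responses are constructed, and the resolver and HTTP client are injected so the demo runs offline.

```python
"""SSRF-resistant outbound fetch policy (added example, constructed data).

Generalizes the exact-URL allowlist of the PHP sample: scheme and hostname
allowlist, no credentials in the URL, only the expected port, and every
address the hostname resolves to must be publicly routable. Redirects are
followed manually so each hop is re-validated. The resolver and HTTP client
are injected; the demo versions below serve constructed records offline.
"""
import ipaddress
from urllib.parse import urlsplit, urljoin

ALLOWED_SCHEMES = {"https"}
# Assumed policy for the demo: hostnames the application is meant to call.
ALLOWED_HOSTS = {"api.example.com", "files.example.com"}
MAX_REDIRECTS = 3


def is_public_ip(addr: str) -> bool:
    """True only for globally routable unicast addresses.

    Rejects loopback, RFC 1918, link-local (incl. 169.254.169.254), CGNAT,
    documentation ranges, unspecified and multicast; IPv4-mapped IPv6 is
    unwrapped first so ::ffff:10.0.0.1 is judged as 10.0.0.1.
    """
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def validate_url(url: str, resolve) -> tuple:
    """Return (ok, reason). resolve(host) -> list of address strings."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    host = (parts.hostname or "").rstrip(".").lower()
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not in allowlist"
    try:
        port = parts.port
    except ValueError:
        return False, "malformed port"
    if port not in (None, 443):
        return False, f"port {port} not allowed"
    addrs = resolve(host)
    if not addrs:
        return False, f"{host} did not resolve"
    for addr in addrs:  # every record must pass, not just the first
        if not is_public_ip(addr):
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"


def fetch_with_policy(url: str, resolve, http_get) -> tuple:
    """Fetch with redirects followed manually; each hop is validated.

    http_get(url) -> (status, headers, body). Returns (True, body) or
    (False, reason). The HTTP client must not auto-follow redirects.
    """
    current = url
    for _ in range(MAX_REDIRECTS + 1):
        ok, reason = validate_url(current, resolve)
        if not ok:
            return False, f"blocked {current}: {reason}"
        status, headers, body = http_get(current)
        if status in (301, 302, 303, 307, 308):
            current = urljoin(current, headers.get("Location", ""))
            continue
        return True, body
    return False, "too many redirects"


# --- Constructed demo data (not real DNS or HTTP) ---------------------------
DEMO_DNS = {
    "api.example.com": ["93.184.216.34"],
    "files.example.com": ["10.0.0.5"],  # allowlisted name pointing inside
}
DEMO_RESPONSES = {
    "https://api.example.com/info": (200, {}, "public-data"),
    # A redirect towards the link-local metadata address the page's
    # description mentions; the policy refuses the hop.
    "https://api.example.com/old": (302, {"Location": "http://169.254.169.254/"}, ""),
}


def demo_resolve(host):
    return DEMO_DNS.get(host, [])


def demo_http_get(url):
    return DEMO_RESPONSES.get(url, (404, {}, ""))


if __name__ == "__main__":
    for u in ["https://api.example.com/info", "https://api.example.com/old",
              "https://files.example.com/x", "https://api.example.com@127.0.0.1/"]:
        print(u, "->", fetch_with_policy(u, demo_resolve, demo_http_get))
```

Two design points matter here. Every resolved record is checked, not only the first, because a name with both a public and a private record otherwise passes depending on resolver order; and the resolved-address check is a policy check at request time, not a substitute for the network-level egress controls the mitigation guidance recommends, since the client library's own resolution can still differ from the validator's unless the connection is pinned to the validated address.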
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-34476 | Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server | Apache SkyWalking MCP | 9.1 | - | 2026-04-13 |
| CVE-2026-5936 | Server-Side Request Forgery (SSRF) via URL Parameter in Foxit PDF Services API | Foxit PDF Services API | 8.5 | High | 2026-04-13 |
| CVE-2026-6119 | AstrBotDevs AstrBot API Endpoint post_data.get server-side request forgery | AstrBot | 6.3 | Medium | 2026-04-12 |
| CVE-2026-6111 | FoundationAgents MetaGPT common.py decode_image server-side request forgery | MetaGPT | 6.3 | Medium | 2026-04-12 |
| CVE-2026-4979 | UsersWP <= 1.2.58 - Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | 5.0 | Medium | 2026-04-11 |
| CVE-2026-40242 | Arcane Unauthenticated SSRF with Conditional Response Reflection in Template Fetch Endpoint | arcane | 7.2 | High | 2026-04-10 |
| CVE-2026-39922 | GeoNode SSRF via Service Registration | GeoNode | 8.1 | - | 2026-04-10 |
| CVE-2026-39921 | GeoNode < 4.4.5, 5.0.2 SSRF via Document Upload | GeoNode | 7.1 | - | 2026-04-10 |
| CVE-2026-40168 | Postiz has Server-Side Request Forgery via Redirect Bypass in /api/public/stream | postiz-app | 8.2 | High | 2026-04-10 |
| CVE-2026-30232 | Chartbrew has SSRF in API Data Connection - No IP Validation on User-Provided URLs | chartbrew | 8.1 | - | 2026-04-10 |
| CVE-2026-31941 | Server-Side Request Forgery (SSRF) in Chamilo LMS | chamilo-lms | 7.7 | High | 2026-04-10 |
| CVE-2026-40160 | PraisonAIAgents has SSRF via unvalidated URL in `web_crawl` httpx fallback | PraisonAIAgents | 7.4 (AI) | High (AI) | 2026-04-10 |
| CVE-2026-40100 | FastGPT has Unauthenticated SSRF in /api/core/app/mcpTools/runTool via missing CHECK_INTERNAL_IP default | FastGPT | 5.3 | Medium | 2026-04-10 |
| CVE-2026-6011 | OpenClaw assertPublicHostname web-fetch.ts server-side request forgery | OpenClaw | 5.6 | Medium | 2026-04-10 |
| CVE-2026-35629 | OpenClaw < 2026.3.25 - Server-Side Request Forgery via Unguarded Configured Base URLs in Channel Extensions | OpenClaw | 7.4 | High | 2026-04-09 |
| CVE-2026-40150 | PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool | PraisonAIAgents | 7.7 | High | 2026-04-09 |
| CVE-2026-40114 | PraisonAI has Server-Side Request Forgery via Unvalidated webhook_url in Jobs API | PraisonAI | 7.2 | High | 2026-04-09 |
| CVE-2026-40107 | SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering | siyuan | 6.1 (AI) | Medium (AI) | 2026-04-09 |
| CVE-2026-40089 | Sonicverse has Server-Side Request Forgery via user-controlled URLs in dashboard API client | audiostreaming-stack | 9.9 | Critical | 2026-04-09 |
| CVE-2026-40072 | web3.py affected by SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling | web3.py | 9.1 (AI) | Critical (AI) | 2026-04-09 |
| CVE-2026-39974 | n8n-MCP has an Authenticated SSRF via instance-URL header in multi-tenant HTTP mode | n8n-mcp | 8.5 | High | 2026-04-09 |
| CVE-2026-39843 | Plane has a Server-Side Request Forgery (SSRF) in Favicon Fetching | plane | 7.7 | High | 2026-04-09 |
| CVE-2026-5832 | atototo api-lab-mcp HTTP http-server.ts test_http_endpoint server-side request forgery | api-lab-mcp | 7.3 | High | 2026-04-09 |
| CVE-2026-39885 | FrontMCP Affected by SSRF via $ref Dereferencing in Untrusted OpenAPI Specifications | frontmcp | 7.5 | High | 2026-04-08 |
| CVE-2026-5803 | bigsk1 openai-realtime-ui API Proxy Endpoint server.js server-side request forgery | openai-realtime-ui | 6.3 | Medium | 2026-04-08 |
| CVE-2026-39362 | InvenTree has SSRF via Remote Image Download — No IP/Hostname Validation on remote_image URLs | InvenTree | 7.1 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-34719 | Zammad has a Server-side request forgery (SSRF) via webhooks | zammad | 6.5 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-32591 | Mirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration | mirror registry for Red Hat OpenShift | 5.2 | Medium | 2026-04-08 |
| CVE-2026-33458 | Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure | Kibana | 6.8 | Medium | 2026-04-08 |
| CVE-2026-2377 | Mirror-registry: quay: quay: server-side request forgery via log export functionality | mirror registry for Red Hat OpenShift | 6.5 | Medium | 2026-04-08 |

Vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)) represent 1539 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.