Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1540

1540 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2026-2377 Mirror-registry: quay: quay: server-side request forgery via log export functionality — mirror registry for Red Hat OpenShift 6.5 Medium2026-04-08
CVE-2026-39695 WordPress Podigee plugin <= 1.4.0 - Server Side Request Forgery (SSRF) vulnerability — Podigee 5.4 Medium2026-04-08
CVE-2026-39670 WordPress Visual Link Preview plugin <= 2.3.0 - Server Side Request Forgery (SSRF) vulnerability — Visual Link Preview 6.0 Medium2026-04-08
CVE-2026-39645 WordPress GlobalPayments WooCommerce plugin <= 1.18.0 - Server Side Request Forgery (SSRF) vulnerability — GlobalPayments WooCommerce 5.4 Medium2026-04-08
CVE-2026-39647 WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.11 - Server Side Request Forgery (SSRF) vulnerability — MP3 Audio Player for Music, Radio & Podcast by Sonaar 5.4 Medium2026-04-08
CVE-2026-39630 WordPress Getty Images plugin <= 4.1.0 - Server Side Request Forgery (SSRF) vulnerability — Getty Images 6.4 Medium2026-04-08
CVE-2026-39521 WordPress Nelio Content plugin <= 4.3.1 - Server Side Request Forgery (SSRF) vulnerability — Nelio Content 4.9 Medium2026-04-08
CVE-2026-39464 WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin <= 6.19.8 - Server Side Request Forgery (SSRF) vulnerability — Coming Soon Page, Under Construction & Maintenance Mode by SeedProd 5.5 Medium2026-04-08
CVE-2026-1343 Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access — Verify Identity Access Container 7.2 High2026-04-08
CVE-2026-39370 WWBN AVideo has an Allowlisted downloadURL media extensions bypass SSRF protection and enable internal response exfiltration (Incomplete fix for CVE-2026-27732) — AVideo 7.1 High2026-04-07
CVE-2026-39368 WWBN AVideo has a Live restream log callback flow enabling stored SSRF to internal services — AVideo 6.5 Medium2026-04-07
CVE-2026-39361 OpenObserve has a SSRF Protection Bypass via IPv6 Bracket Notation in validate_enrichment_url — openobserve 7.7 High2026-04-07
CVE-2026-35572 SSRF via Referer header in ChurchCRM allows server-side HTTP/HTTPS requests to arbitrary hosts — CRM 7.1AIHighAI2026-04-07
CVE-2026-35516 LinkAce has SSRF via CheckLinksCommand - Link URL Update Bypasses laravel-html-meta Protection — LinkAce 5.0 Medium2026-04-07
CVE-2026-35486 text-generation-webui has a SSRF in superbooga/superboogav2 extensions — no URL validation — text-generation-webui 7.5 High2026-04-07
CVE-2026-35461 Papra has a Blind Server-Side Request Forgery (SSRF) via Webhook URL — papra 5.0 Medium2026-04-07
CVE-2026-35409 Directus has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in File Import — directus 7.7 High2026-04-06
CVE-2026-35459 pyLoad has SSRF fix bypass via HTTP redirect — pyload 4.6AIMediumAI2026-04-06
CVE-2026-35187 pyLoad has SSRF in parse_urls API endpoint via unvalidated URL parameter — pyload 7.7 High2026-04-06
CVE-2026-35037 Ech0 affected by unauthenticated SSRF in GetWebsiteTitle allows access to internal services and cloud metadata — Ech0 7.2 High2026-04-06
CVE-2026-35036 Ech0 Affected by Unauthenticated Server-Side Request Forgery in Website Preview Feature — Ech0 7.5 High2026-04-06
CVE-2026-34981 whisperX REST API: SSRF in download_from_url() — URL validation happens after HTTP request, extension bypass via .mp3 — whisperX-FastAPI 5.8 Medium2026-04-06
CVE-2026-34753 vLLM affected by Server-Side Request Forgery (SSRF) in `download_bytes_from_url ` — vllm 5.4 Medium2026-04-06
CVE-2026-33752 Redirect-based SSRF leading to internal network access in curl_cffi (with TLS impersonation bypass) — curl_cffi 8.6 High2026-04-06
CVE-2026-33540 Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm — distribution 7.5 High2026-04-06
CVE-2026-5633 assafelovic gpt-researcher ws Endpoint server-side request forgery — gpt-researcher 7.3 High2026-04-06
CVE-2026-5623 hcengineering Huly Platform Import Endpoint index.ts server-side request forgery — Huly Platform 6.3 Medium2026-04-06
CVE-2026-5618 kalcaddle kodbox shareMake/shareCheck server-side request forgery — kodbox 5.6 Medium2026-04-06
CVE-2026-5607 imprvhub mcp-browser-agent URL Parameter handlers.ts CallToolRequestSchema server-side request forgery — mcp-browser-agent 6.3 Medium2026-04-06
CVE-2026-5538 QingdaoU OnlineJudge judge_server_heartbeat Endpoint JudgeServer.service_url server-side request forgery — OnlineJudge 6.3 Medium2026-04-05

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.