Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1540

1540 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2026-5530 Ollama Model Pull API download.go server-side request forgery — Ollama 6.3 Medium2026-04-05
CVE-2026-34954 PraisonAI: SSRF in FileTools.download_file() via Unvalidated URL — PraisonAI 8.6 High2026-04-03
CVE-2026-34936 PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback — PraisonAI 7.7 High2026-04-03
CVE-2026-22664 prompts.chat SSRF via Fal.ai Media Status Polling — prompts.chat 7.7 High2026-04-03
CVE-2026-22662 prompts.chat Blind SSRF via media-generate — prompts.chat 4.3 Medium2026-04-03
CVE-2026-28798 Arbitrary internal service access via /v1/sys/proxy when Cloudflare Tunnel is enabled on ZimaOS — ZimaOS 9.1 Critical2026-04-03
CVE-2026-32186 Microsoft Bing Elevation of Privilege Vulnerability — Microsoft Bing 10.0 Critical2026-04-03
CVE-2026-31818 Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist — budibase 9.6 Critical2026-04-03
CVE-2026-5470 mixelpixx Google-Research-MCP Model Context Protocol content-extractor.service.ts extractContent server-side request forgery — Google-Research-MCP 6.3 Medium2026-04-03
CVE-2026-5469 Casdoor Webhook URL server-side request forgery — Casdoor 4.7 Medium2026-04-03
CVE-2026-26135 Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability — Azure Custom Locations Resource Provider 9.6 Critical2026-04-02
CVE-2026-33107 Azure Databricks Elevation of Privilege Vulnerability — Azure Databricks 10.0 Critical2026-04-02
CVE-2026-5418 appsmithorg appsmith Dashboard WebClientUtils.java computeDisallowedHosts server-side request forgery — appsmith 7.3 High2026-04-02
CVE-2026-5417 Dataease SQLbot Elasticsearch es_engine.py get_es_data_by_http server-side request forgery — SQLbot 4.7 Medium2026-04-02
CVE-2026-34590 Postiz: SSRF via Webhook Creation Endpoint Missing URL Safety Validation — postiz-app 5.4 Medium2026-04-02
CVE-2026-34577 Postiz: Unauthenticated Full-Read SSRF via /public/stream Endpoint with Trivially Bypassable Extension Check — postiz-app 8.6 High2026-04-02
CVE-2026-34576 Postiz: SSRF in upload-from-url endpoint allows fetching internal resources and cloud metadata — postiz-app 6.5AIMediumAI2026-04-02
CVE-2026-34526 SillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6 — SillyTavern 5.0 Medium2026-04-02
CVE-2026-5346 huimeicloud hm_editor image-to-base64 Endpoint mcp-server.js client.get server-side request forgery — hm_editor 7.3 High2026-04-02
CVE-2026-32871 FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability — fastmcp 9.1AICriticalAI2026-04-02
CVE-2026-0686 Webmention <= 5.6.2 - Unauthenticated Blind Server-Side Request Forgery — Webmention 7.2 High2026-04-02
CVE-2026-0688 Webmention <= 5.6.2 - Authenticated (Subscriber+) Server-Side Request Forgery — Webmention 6.4 Medium2026-04-02
CVE-2026-5323 priyankark a11y-mcp index.js A11yServer server-side request forgery — a11y-mcp 5.3 Medium2026-04-02
CVE-2026-34746 Payload has Authenticated SSRF via Upload Functionality — payload 7.7 High2026-04-01
CVE-2026-34076 Clerk JavaScript: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host — javascript 7.4 High2026-04-01
CVE-2026-20041 Cisco Nexus Dashboard Server Side Request Forgery Vulnerability — Cisco Nexus Dashboard 6.1 Medium2026-04-01
CVE-2026-33990 Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF) — model-runner 8.2AIHighAI2026-04-01
CVE-2026-4989 Devolutions Server 安全漏洞 — Server 6.5AIMediumAI2026-04-01
CVE-2026-0932 M-Files Server 安全漏洞 — M-Files Server 8.2AIHighAI2026-04-01
CVE-2026-5259 AutohomeCorp frostmourne Alarm Preview AlarmController.java server-side request forgery — frostmourne 6.3 Medium2026-04-01

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.