Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1696

1696 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2026-53827 OpenClaw < 2026.5.2 - Credential Exposure via Model-Supplied Loopback URLs in message.action Forwarding — OpenClaw 6.5 Medium2026-06-12
CVE-2026-47268 Nezha Monitoring: Authenticated DDNS webhook configuration allows blind SSRF from the dashboard host — nezha 6.4 Medium2026-06-12
CVE-2026-53607 @apostrophecms/file pretty-URL Vulnerable to Unauthenticated SSRF via Host header — apostrophe 3.7 Low2026-06-12
CVE-2026-45012 Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget — apostrophe 7.6 High2026-06-12
CVE-2026-50552 Koel: Server-Side Request Forgery (SSRF) in radio station creation due to missing validation bail — koel 6.3 Medium2026-06-12
CVE-2026-47260 Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs — koel 7.7 High2026-06-12
CVE-2026-53812 OpenClaw < 2026.5.18 - Private-Network Navigation Bypass via Browser Act Interactions — OpenClaw 7.7 High2026-06-11
CVE-2026-53782 Summarize < 0.17.0 SSRF via podcast:transcript URL fetch — summarize 7.4 High2026-06-11
CVE-2026-47170 Garlic-Hub: SSRF vulnerability in uploadFromUrl endpoint — garlic-hub 7.7 High2026-06-11
CVE-2026-47157 aiograpi: Unsafe signup challenge path handling — aiograpi 6.5 Medium2026-06-11
CVE-2026-46697 Fediverse Embeds: Unauthenticated SSRF / open proxy via REST media-proxy endpoint — fediverse-embeds-wordpress-plugin 7.5 High2026-06-11
CVE-2026-46698 Fediverse Embeds: Public-nonce SSRF via ftf_get_site_info AJAX action — fediverse-embeds-wordpress-plugin 5.3 Medium2026-06-11
CVE-2026-44492 Axios: shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718) — axios 8.6 High2026-06-11
CVE-2026-3341 IBM Langflow Desktop 1.0.0 - 1.9.2 DNS Rebinding Bypasses SSRF Protection Allowing Access to Internal Services — Langflow Desktop 5.4 Medium2026-06-11
CVE-2026-9204 Server-Side Request Forgery (SSRF) in GitLab — GitLab 5.3 Medium2026-06-11
CVE-2026-40999 Spring WS SSRF via unvalidated WS-Addressing reply destinations — Spring Web Services 8.6 High2026-06-11
CVE-2026-50131 Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges — fedify 8.6 High2026-06-10
CVE-2026-50127 Weblate SSRF: outbound URL guard misses the NAT64 well-known prefix (64:ff9b::/96) — weblate 5.9 Medium2026-06-10
CVE-2026-46683 Snappy: SSRF and local file read via the xsl-style-sheet option — snappy--2026-06-10
CVE-2026-20252 Server-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterprise — Splunk Enterprise 7.6 High2026-06-10
CVE-2026-46497 SSRF via sitemap-derived URLs in Crawlee for Python — crawlee-python--2026-06-10
CVE-2026-48858 ftp client PASV response IP not validated against control peer, enabling SSRF and FTP bounce attacks — OTP--2026-06-10
CVE-2026-45561 Roxy-WI: SSRF in /smon/agent/<endpoint>/<server_ip> reachable to cloud metadata IPs — roxy-wi 6.5 Medium2026-06-10
CVE-2026-47938 Adobe Campaign Classic (ACC) | Server-Side Request Forgery (SSRF) (CWE-918) — Adobe Campaign Classic (ACC) 10.0 Critical2026-06-09
CVE-2026-45504 Microsoft Exchange Server Elevation of Privilege Vulnerability — Microsoft Exchange Server 2016 Cumulative Update 23 8.8 High2026-06-09
CVE-2026-45502 Microsoft Exchange Server Information Disclosure Vulnerability — Microsoft Exchange Server 2016 Cumulative Update 23 5.0 Medium2026-06-09
CVE-2026-45501 Microsoft Exchange Server Spoofing Vulnerability — Microsoft Exchange Server 2016 Cumulative Update 23 6.5 Medium2026-06-09
CVE-2026-41854 Spring Framework Server-Side Request Forgery via UriComponentsBuilder — Spring Framework 4.2 Medium2026-06-09
CVE-2026-11469 jishenghua jshERP platformConfig Add Endpoint PlatformConfigService.java insertPlatformConfig server-side request forgery — jshERP 4.7 Medium2026-06-07
CVE-2026-11437 perfree go-fastdfs-web Installation Endpoint checkServer server-side request forgery — go-fastdfs-web 7.3 High2026-06-06

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1696 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.