CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1481

1481 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-41302	OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download — OpenClaw	7.6	High	2026-04-20
CVE-2026-41297	OpenClaw < 2026.3.31 - Server-Side Request Forgery via Marketplace Plugin Download Redirect — OpenClaw	7.6	High	2026-04-20
CVE-2026-33626	LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading — lmdeploy	7.5	High	2026-04-20
CVE-2026-25883	Vexa Webhook Feature has a SSRF Vulnerability — vexa	5.8	Medium	2026-04-20
CVE-2026-34428	Vvveb < 1.0.8.1 SSRF via oEmbedProxy — Vvveb	7.7	High	2026-04-20
CVE-2026-6649	Qibo CMS headers server-side request forgery — CMS	6.3	Medium	2026-04-20
CVE-2026-6625	moxi624 Mogu Blog v2 Picture Storage Service LocalFileServiceImpl.java LocalFileServiceImpl.uploadPictureByUrl server-side request forgery — Mogu Blog v2	7.3	High	2026-04-20
CVE-2026-6618	langgenius dify ApiBasedToolSchemaParser parser.py parse_openai_plugin_json_to_tool_bundle server-side request forgery — dify	6.3	Medium	2026-04-20
CVE-2026-6617	langgenius dify ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema server-side request forgery — dify	6.3	Medium	2026-04-20
CVE-2026-6616	TransformerOptimus SuperAGI WebScraperTool webpage_extractor.py extract_with_lxml server-side request forgery — SuperAGI	6.3	Medium	2026-04-20
CVE-2026-6606	modelscope agentscope _agent_base.py _process_audio_block server-side request forgery — agentscope	7.3	High	2026-04-20
CVE-2026-6605	modelscope agentscope Internal Service _common.py _get_bytes_from_web_url server-side request forgery — agentscope	7.3	High	2026-04-20
CVE-2026-6604	modelscope agentscope Cloud Metadata Endpoint _openai_tools.py openai_audio_to_text server-side request forgery — agentscope	7.3	High	2026-04-20
CVE-2026-6587	vibrantlabsai RAGAS Collections util.py _try_process_url server-side request forgery — RAGAS	6.3	Medium	2026-04-20
CVE-2026-6573	PHPEMS Instant Exam Creation exams.master.php temppage server-side request forgery — PHPEMS	6.3	Medium	2026-04-19
CVE-2026-40348	Movary has Authenticated SSRF via Jellyfin Server URL Verification that Allows Internal Network Probing — movary	7.7	High	2026-04-18
CVE-2026-40346	NocoBase has SSRF in Workflow HTTP Request and Custom Request Plugins — @nocobase/plugin-workflow-request	8.3^AI	High^AI	2026-04-17
CVE-2026-40516	OpenHarness SSRF via web_fetch and web_search — OpenHarness	8.3	High	2026-04-17
CVE-2026-6497	prasathmani TinyFileManager File Upload filemanager.php server-side request forgery — TinyFileManager	6.3	Medium	2026-04-17
CVE-2026-5131	Server-Side Request Forgery in GREENmod — GREENmod	9.8^AI	Critical^AI	2026-04-17
CVE-2026-5052	Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS — Vault	5.3	Medium	2026-04-17
CVE-2026-40500	ProcessWire CMS SSRF via Add Module From URL — processwire	6.8	Medium	2026-04-15
CVE-2026-39845	Weblate: SSRF via the webhook add-on using unprotected fetch_url() — weblate	4.1	Medium	2026-04-15
CVE-2026-33440	Weblate: Authenticated SSRF via redirect bypass of ALLOWED_ASSET_DOMAINS in screenshot URL uploads — weblate	5.0	Medium	2026-04-15
CVE-2026-35032	Jellyfin: Potential SSRF + Arbitrary file read via LiveTV M3U tuner — jellyfin	8.1	-	2026-04-14
CVE-2025-59809	Fortinet FortiSOAR PaaS和Fortinet FortiSOAR on-premise 代码问题漏洞 — FortiSOAR on-premise	4.1	Medium	2026-04-14
CVE-2026-34225	Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality — open-webui	4.3	Medium	2026-04-14
CVE-2026-39418	MaxKB: SSRF via sandbox network hook bypass — MaxKB	5.0	Medium	2026-04-14
CVE-2026-6220	HummerRisk Video File Download URL ServerService.java ServerService.addServer server-side request forgery — HummerRisk	4.7	Medium	2026-04-13
CVE-2026-33659	EspoCRM: SSRF via DNS Rebinding in Attachment fromImageUrl Endpoint Allows Internal Network Access — espocrm	3.5	Low	2026-04-13

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1481 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1481