Security Intel Hub 478— Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVE-2026-3491: SSRF in whisperx-fastapi download_from_url with bypass PoC
github.com · 2026-04-07

### Vulnerability Overview * **Vulnerability Name**: CWE-918: SSRF in `download_from_url()` — URL validation occurs after the HTTP request; extension bypass via `.mp3` * **CVE ID**: CVE-2026-3491 * **…

pyload-ng CVE-2026-33992 SSRF Bypass via HTTP Redirect and POC
github.com · 2026-04-07

### Vulnerability Overview **CVE-2026-33992** (related to CVE-2026-35459) is an SSRF (Server-Side Request Forgery) bypass vulnerability. * **Root Cause**: The previous fix only validated the initial d…

SSRF via Webhook Creation Endpoint Missing URL Safety Validation
github.com · 2026-04-03

# SSRF via Webhook Creation Endpoint Missing URL Safety Validation ### Summary This is a Server-Side Request Forgery (SSRF) vulnerability present in the Webhook creation endpoint (`POST /api/v1/webhoo…

Appsmith v1.97 SSRF Bypass via Docker Gateway IP (172.17.0.1)
vuldb.com · 2026-04-03

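# Appsmith v1.97 SSRF Vulnerability Summary **Vulnerability Overview** Appsmith uses a warning-and-confirmation mechanism to prevent users from issuing internal network requests (SSRF), particularly to `localhost` or `127.0.0.1`. However, in Docker environments this mechanism can be bypassed: an attacker can replace `localhost` with the default IP of the Docker Bridge Gateway (`172.17.0.1`), thereby bypassing the…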

Unauthenticated SSRF via /public/stream: Arbitrary File Read and Extension Bypass Analysis
github.com · 2026-04-03

### Vulnerability Summary **Overview** * **Vulnerability Name:** Unauthenticated Full-Read SSRF via /public/stream Endpoint with Trivially Bypassable Extension Check (Unauthenticated Full-Read SSRF th…

PostgREST SSRF in upload-from-ur endpoint allows internal resource access
github.com · 2026-04-03

# SSRF in upload-from-ur endpoint allows fetching internal resources and cloud metadata ## Vulnerability Overview - **Title:** SSRF in upload-from-ur endpoint allows fetching internal resources an…

Devolutions Server Vulnerabilities: MFA Bypass and SSRF (CVE-2026-4829/4807/4808)
devolutions.net · 2026-04-02

### Vulnerability Summary **Vulnerability ID**: DEVD-2026-0010 **Publication Date**: 2026-04-04 **Overview**: Devolutions Server is affected by multiple security vulnerabilities, including authenticat…

Local File Path Traversal/SSRF Vulnerability Fix Analysis (file:///UNC Path Bypass)
github.com · 2026-04-02

## Vulnerability Overview This is a **Local File Path Traversal/SSRF vulnerability** (fixed in Commit 9388071) that allows attackers to bypass sandbox restrictions and access unauthorized files or rem…

Unauthenticated SSRF via /loadImg bypassing startWith whitelist to steal auth tokens
github.com · 2026-04-02

# Vulnerability Summary ## Vulnerability Overview **Vulnerability Name**: Unauthenticated SSRF via /loadImg Chains with startWith() Credential Leak for Authentication Token Theft **Description**: This…

FreeScout SSRF Bypass via Broken CIDR Check in checkIpByMask
github.com · 2026-04-02

# SSRF Protection Bypass Vulnerability (Broken CIDR Check in the checkIpByMask Function) **Vulnerability Overview** * **Vulnerability Name:** SSRF protection bypass via broken CIDR check in checkIpByMask() * **Severity:** Critical * **CVSS Score:** 9.8 * **Affected Versions:** 1.8.2, 2.11 * …

SSRF Vulnerability Analysis: Attack Chains and Bypass Techniques
portswigger.net · 2026-04-02

# SSRF (Server-Side Request Forgery) Vulnerability Summary ## 1. Vulnerability Overview SSRF (Server-Side Request Forgery) is a web security vulnerability that allows an attacker to cause a server-sid…

Mastodon SSRF Fix: Restricting Private Address Resolution in Request
github.com · 2026-02-25

From the provided webpage screenshot, the following key vulnerability-related information can be extracted: - **Submission Details** - Submission ID: `7b85d21` - Author: `neiros` - Submission Time: 4 …

esm.sh SSRF Bypass via DNS Alias (CVE-2026-27730) Analysis
github.com · 2026-02-26

# SSRF Local Network/Private Network Bypass Vulnerability ## Summary - **CVE ID**: CVE-2026-27730 - **CVSS Score**: 8.6 - **Affected Versions**: Latest version, no patch available ## Vulnerability…

LangChain @langchain/community SSRF Bypass via Redirect Chaining (CVE-2026-27795) Advisory
github.com · 2026-02-26

## Critical Vulnerability Information - **Vulnerability Name**: SSRF Bypass in RecursiveUrlLoader via redirect chaining - **Risk Level**: Moderate (4.1 / 10) - **CVE ID**: CVE-2026-27795 - **Affected …

Wallos SSRF via Redirect Bypass (CVE-2026-27479) Analysis
github.com · 2026-02-21

### Vulnerability Key Information - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **CVE ID**: CVE-2026-27479 - **CVSS Score**: 7.7 (High) - **Affected Versions**: <= 2.40.0 - **Fixed Ve…

Craft CMS CVE-2026-27129 IPv6 SSRF Protection Bypass via gethostbyname
github.com · 2026-02-24

MindsDB Editor SSRF Bypass via userinfo in URL
github.com · 2026-02-21

### Key Information #### Vulnerability Type - Server-Side Request Forgery (SSRF) #### Vulnerability Description - The file upload feature in MindsDB Editor contains an SSRF vulnerability. - Due to imp…

Mindsdb SSRF Bypass via userinfo in netloc: Analysis and Fix
github.com · 2026-02-21

### Key Information #### Vulnerability Type - **SSRF (Server-Side Request Forgery) Vulnerability** #### Vulnerability Description - **Issue**: The `_split_url` function in `mindsdb/utilities/security.…

CVE-2026-26019: SSRF Bypass in Langchain @langchain/community RecursiveUrlLoader
github.com · 2026-02-12

## Critical Vulnerability Information ### Vulnerability Overview - **Vulnerability Type**: SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation - **CVE ID**: CVE-2026-26019 - **Sev…

CVE-2026-25493: SSRF via HTTP Redirect in GraphQL Asset Mutation
github.com · 2026-02-10

### Critical Vulnerability Information **Vulnerability Title**: SSRF in GraphQL Asset Mutation via HTTP Redirect **Vulnerability ID**: GHSA-8jr8-7hr4-vhfx **CVE ID**: CVE-2026-25493 **Severity**: Mode…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
