CWE-918
Server-Side Request Forgery (SSRF)
Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-664
CVEs mapped to this weakness (1,583)
page 6 of 80

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1000017 | | High | 0.57 | 8.8 | 0.01 | | Jul 17, 2017 | phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server |
| CVE-2016-3718 | | Medium | 0.57 | 5.5 | 0.77 | KEV | May 5, 2016 | The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. |
| CVE-2026-40999 | | High | 0.56 | 8.6 | 0.00 | | Jun 11, 2026 | When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to… |
| CVE-2026-45298 | | High | 0.56 | 8.6 | 0.01 | | May 26, 2026 | Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a… |
| CVE-2026-7412 | — | High | 0.56 | 8.6 | 0.01 | | May 5, 2026 | In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP… |
| CVE-2026-26150 | | High | 0.56 | 8.6 | 0.01 | | Apr 23, 2026 | Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-34954 | | High | 0.56 | 8.6 | 0.00 | | Apr 3, 2026 | PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream() with follow_redirects=True. An attacker who… |
| CVE-2026-32857 | | High | 0.56 | 8.6 | 0.00 | | Mar 26, 2026 | Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations.… |
| CVE-2026-0532 | — | High | 0.56 | 8.6 | 0.00 | | Jan 14, 2026 | External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an… |
| CVE-2026-22805 | | High | 0.56 | 8.6 | 0.00 | | Jan 12, 2026 | Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subscriptions could be potentially impacted if their Metabase is colocated with other unsecured resources. This vulnerability is fixed in… |
| CVE-2025-59088 | | High | 0.56 | 8.6 | 0.00 | | Nov 12, 2025 | If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker… |
| CVE-2025-5260 | | High | 0.56 | 8.6 | 0.00 | | Aug 20, 2025 | Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Server Side Request Forgery. This issue affects Pik Online: before 3.1.5. |
| CVE-2025-25235 | | High | 0.56 | 8.6 | 0.00 | | Aug 11, 2025 | Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks. |
| CVE-2025-46385 | — | High | 0.56 | 8.6 | 0.00 | | Jul 20, 2025 | CWE-918 Server-Side Request Forgery (SSRF) |
| CVE-2024-37359 | | High | 0.56 | 8.6 | 0.00 | | Feb 19, 2025 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. (CWE-918) Hitachi Vantara Pentaho Business Analytics… |
| CVE-2023-50733 | | High | 0.56 | 8.6 | 0.00 | | Jan 21, 2025 | A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices. |
| CVE-2024-54819 | | Critical | 0.56 | 9.1 | 0.18 | | Jan 7, 2025 | I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php |
| CVE-2018-2463 | | High | 0.56 | 8.6 | 0.02 | | Sep 11, 2018 | The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC. |
| CVE-2018-16409 | | High | 0.56 | 8.6 | 0.01 | | Sep 3, 2018 | In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF. |
| CVE-2017-17697 | | High | 0.56 | 8.6 | 0.01 | | Dec 15, 2017 | The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. |