Common Weakness Enumeration

CWE-918

Allowed

Server-Side Request Forgery (SSRF)

Abstraction: Base · Status: Incomplete

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

4633 vulnerabilities reference this CWE, most recent first.

GHSA-R6M2-CJ32-WG84

Vulnerability from github – Published: 2023-10-09 09:30 – Updated: 2024-02-01 03:30
VLAI
Details

The web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in the /hydra/view/get_cc_url url parameter. There can be resultant SSRF.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-39854"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-09T07:15:24Z",
    "severity": "MODERATE"
  },
  "details": "The web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in the /hydra/view/get_cc_url url parameter. There can be resultant SSRF.",
  "id": "GHSA-r6m2-cj32-wg84",
  "modified": "2024-02-01T03:30:22Z",
  "published": "2023-10-09T09:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39854"
    },
    {
      "type": "WEB",
      "url": "https://wiki.notveg.ninja/blog/CVE-2023-39854"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R6M7-VHGH-X9QF

Vulnerability from github – Published: 2026-03-05 06:30 – Updated: 2026-03-05 21:30
VLAI
Details

Server-Side Request Forgery (SSRF) vulnerability in SkatDesign Ratatouille ratatouille allows Server Side Request Forgery.This issue affects Ratatouille: from n/a through <= 1.2.6.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-28036"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-05T06:16:36Z",
    "severity": "MODERATE"
  },
  "details": "Server-Side Request Forgery (SSRF) vulnerability in SkatDesign Ratatouille ratatouille allows Server Side Request Forgery.This issue affects Ratatouille: from n/a through \u003c= 1.2.6.",
  "id": "GHSA-r6m7-vhgh-x9qf",
  "modified": "2026-03-05T21:30:43Z",
  "published": "2026-03-05T06:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28036"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Theme/ratatouille/vulnerability/wordpress-ratatouille-theme-1-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R747-33R4-RMJW

Vulnerability from github – Published: 2026-05-06 21:31 – Updated: 2026-05-11 16:12
VLAI
Summary
Duplicate Advisory: OpenClaw: QQBot direct media upload skipped URL SSRF validation
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-c4qg-j8jg-42q5. This link is maintained to preserve external references.

Original Description

OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.4.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-11T16:12:55Z",
    "nvd_published_at": "2026-05-06T20:16:35Z",
    "severity": "MODERATE"
  },
  "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-c4qg-j8jg-42q5. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests.",
  "id": "GHSA-r747-33r4-rmjw",
  "modified": "2026-05-11T16:12:55Z",
  "published": "2026-05-06T21:31:42Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c4qg-j8jg-42q5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44117"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/49db424c8001f2f419aad85f434894d8d85c1a09"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-qqbot-direct-media-upload"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Duplicate Advisory: OpenClaw: QQBot direct media upload skipped URL SSRF validation",
  "withdrawn": "2026-05-11T16:12:55Z"
}

GHSA-R7M8-874R-4G5V

Vulnerability from github – Published: 2026-03-30 21:31 – Updated: 2026-03-30 21:31
VLAI
Details

Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery (SSRF) in CheckDatabaseRequest.php.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-29925"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-30T19:16:24Z",
    "severity": "HIGH"
  },
  "details": "Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery (SSRF) in CheckDatabaseRequest.php.",
  "id": "GHSA-r7m8-874r-4g5v",
  "modified": "2026-03-30T21:31:04Z",
  "published": "2026-03-30T21:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29925"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/TrekLaps/5b2c72106d950dab0cd1897eb93200f1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/invoiceninja/invoiceninja/blob/v5-stable/app/Http/Requests/Setup/CheckDatabaseRequest.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R7QF-PRJ4-7JHP

Vulnerability from github – Published: 2022-05-14 03:38 – Updated: 2022-05-14 03:38
VLAI
Details

A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access control such as firewalls that prevent the attackers from accessing the URLs directly.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-6201"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-06T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access control such as firewalls that prevent the attackers from accessing the URLs directly.",
  "id": "GHSA-r7qf-prj4-7jhp",
  "modified": "2022-05-14T03:38:26Z",
  "published": "2022-05-14T03:38:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6201"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sandstorm-io/sandstorm/commit/164997fb958effbc90c5328c166706280a84aaa1"
    },
    {
      "type": "WEB",
      "url": "https://devco.re/blog/2018/01/26/Sandstorm-Security-Review-CVE-2017-6200-en"
    },
    {
      "type": "WEB",
      "url": "https://sandstorm.io/news/2017-03-02-security-review"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R7W5-7G5J-XMXJ

Vulnerability from github – Published: 2023-10-23 21:30 – Updated: 2024-04-04 08:53
VLAI
Details

umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-45966"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-23T21:15:08Z",
    "severity": "HIGH"
  },
  "details": "umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability.",
  "id": "GHSA-r7w5-7g5j-xmxj",
  "modified": "2024-04-04T08:53:37Z",
  "published": "2023-10-23T21:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45966"
    },
    {
      "type": "WEB",
      "url": "https://github.com/umputun/remark42/issues/1677"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jet-pentest/CVE-2023-45966"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R7W7-9XR2-QQ2R

Vulnerability from github – Published: 2026-04-16 23:00 – Updated: 2026-06-06 00:59
VLAI
Summary
langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding
Details

Summary

langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages for image token counting) validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS resolution. This left a TOCTOU / DNS rebinding window: an attacker-controlled hostname could resolve to a public IP during validation and then to a private/localhost IP during the actual fetch.

The practical impact is limited because the fetched response body is passed directly to Pillow's Image.open() to extract dimensions — the response content is never returned, logged, or otherwise exposed to the caller. An attacker cannot exfiltrate data from internal services through this path. A potential risk is blind probing (inferring whether an internal host/port is open based on timing or error behavior).

Affected versions

  • langchain-openai < 1.1.14

Patched versions

  • langchain-openai >= 1.1.14 (requires langchain-core >= 1.2.31)

Affected code

File: libs/partners/openai/langchain_openai/chat_models/base.py_url_to_size()

The vulnerable pattern was a validate-then-fetch with separate DNS resolution:

validate_safe_url(image_source, allow_private=False, allow_http=True)
# ... separate network operation with independent DNS resolution ...
response = httpx.get(image_source, timeout=timeout)

Fix

The fix replaces the validate-then-fetch pattern with an SSRF-safe httpx transport (SSRFSafeSyncTransport from langchain-core) that:

  • Resolves DNS once and validates all returned IPs against a policy (private ranges, cloud metadata, localhost, k8s internal DNS)
  • Pins the connection to the validated IP, eliminating the DNS rebinding window
  • Disables redirect following to prevent redirect-based SSRF bypasses

This fix was released in langchain-openai 1.1.14.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "langchain-openai"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41488"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-16T23:00:12Z",
    "nvd_published_at": "2026-04-24T21:16:19Z",
    "severity": "LOW"
  },
  "details": "## Summary\n\n`langchain-openai`\u0027s `_url_to_size()` helper (used by `get_num_tokens_from_messages` for image token counting) validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS resolution. This left a TOCTOU / DNS rebinding window: an attacker-controlled hostname could resolve to a public IP during validation and then to a private/localhost IP during the actual fetch.\n\nThe practical impact is limited because the fetched response body is passed directly to Pillow\u0027s `Image.open()` to extract dimensions \u2014 the response content is never returned, logged, or otherwise exposed to the caller. An attacker cannot exfiltrate data from internal services through this path. A potential risk is blind probing (inferring whether an internal host/port is open based on timing or error behavior).\n\n## Affected versions\n\n- `langchain-openai` \u003c 1.1.14\n\n## Patched versions\n\n- `langchain-openai` \u003e= 1.1.14 (requires `langchain-core` \u003e= 1.2.31)\n\n## Affected code\n\n**File:** `libs/partners/openai/langchain_openai/chat_models/base.py` \u2014 `_url_to_size()`\n\nThe vulnerable pattern was a validate-then-fetch with separate DNS resolution:\n\n```python\nvalidate_safe_url(image_source, allow_private=False, allow_http=True)\n# ... separate network operation with independent DNS resolution ...\nresponse = httpx.get(image_source, timeout=timeout)\n```\n\n## Fix\n\nThe fix replaces the validate-then-fetch pattern with an SSRF-safe httpx transport (`SSRFSafeSyncTransport` from `langchain-core`) that:\n\n- Resolves DNS once and validates all returned IPs against a policy (private ranges, cloud metadata, localhost, k8s internal DNS)\n- Pins the connection to the validated IP, eliminating the DNS rebinding window\n- Disables redirect following to prevent redirect-based SSRF bypasses\n\nThis fix was released in langchain-openai 1.1.14.",
  "id": "GHSA-r7w7-9xr2-qq2r",
  "modified": "2026-06-06T00:59:02Z",
  "published": "2026-04-16T23:00:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/langchain-ai/langchain/security/advisories/GHSA-r7w7-9xr2-qq2r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41488"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/langchain-ai/langchain"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/langchain-openai/PYSEC-2026-76.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding"
}

GHSA-R7WF-XJ64-53F2

Vulnerability from github – Published: 2025-10-24 00:30 – Updated: 2025-10-24 00:30
VLAI
Details

Server-side request forgery (ssrf) in Azure Compute Gallery allows an authorized attacker to elevate privileges over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59503"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-23T22:15:48Z",
    "severity": "CRITICAL"
  },
  "details": "Server-side request forgery (ssrf) in Azure Compute Gallery allows an authorized attacker to elevate privileges over a network.",
  "id": "GHSA-r7wf-xj64-53f2",
  "modified": "2025-10-24T00:30:52Z",
  "published": "2025-10-24T00:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59503"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59503"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R826-HJQ2-M422

Vulnerability from github – Published: 2025-12-16 09:31 – Updated: 2026-01-20 15:32
VLAI
Details

Server-Side Request Forgery (SSRF) vulnerability in LMPixels Kerge kerge allows Server Side Request Forgery.This issue affects Kerge: from n/a through <= 4.1.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-67989"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-16T09:16:00Z",
    "severity": "MODERATE"
  },
  "details": "Server-Side Request Forgery (SSRF) vulnerability in LMPixels Kerge kerge allows Server Side Request Forgery.This issue affects Kerge: from n/a through \u003c= 4.1.3.",
  "id": "GHSA-r826-hjq2-m422",
  "modified": "2026-01-20T15:32:16Z",
  "published": "2025-12-16T09:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67989"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Theme/kerge/vulnerability/wordpress-kerge-theme-4-1-3-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://vdp.patchstack.com/database/Wordpress/Theme/kerge/vulnerability/wordpress-kerge-theme-4-1-3-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R865-X64G-F9MM

Vulnerability from github – Published: 2026-06-26 09:30 – Updated: 2026-06-26 09:30
VLAI
Details

The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated requests.

Successful exploitation allows an unauthenticated attacker to control the destination of server-initiated requests originating from the WSO2 API Manager. This direct control can enable unauthorized access to internal network resources or services that would typically be inaccessible from external networks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-2053"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-26T08:16:21Z",
    "severity": "HIGH"
  },
  "details": "The WSO2 API Manager\u0027s message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated requests.\n\nSuccessful exploitation allows an unauthenticated attacker to control the destination of server-initiated requests originating from the WSO2 API Manager. This direct control can enable unauthorized access to internal network resources or services that would typically be inaccessible from external networks.",
  "id": "GHSA-r865-x64g-f9mm",
  "modified": "2026-06-26T09:30:46Z",
  "published": "2026-06-26T09:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2053"
    },
    {
      "type": "WEB",
      "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2026-5072"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-664: Server Side Request Forgery

An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.