CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4625 vulnerabilities reference this CWE, most recent first.
GHSA-RPM8-R6FR-56F4
Vulnerability from github – Published: 2025-02-26 00:32 – Updated: 2025-02-26 00:32HCL MyCloud is affected by Improper Access Control - an unauthenticated privilege escalation vulnerability which may lead to information disclosure and potential for Server-Side Request Forgery (SSRF) and Denial of Service(DOS) attacks from unauthenticated users.
{
"affected": [],
"aliases": [
"CVE-2024-30150"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-25T23:15:10Z",
"severity": "MODERATE"
},
"details": "HCL MyCloud is affected by Improper Access Control - an unauthenticated privilege escalation vulnerability which may lead to information disclosure and potential for Server-Side Request Forgery (SSRF) and Denial of Service(DOS) attacks from unauthenticated users.",
"id": "GHSA-rpm8-r6fr-56f4",
"modified": "2025-02-26T00:32:21Z",
"published": "2025-02-26T00:32:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30150"
},
{
"type": "WEB",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0119368"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RPVQ-43PV-VPGX
Vulnerability from github – Published: 2026-01-22 18:30 – Updated: 2026-01-27 00:31Server-Side Request Forgery (SSRF) vulnerability in Marco Milesi ANAC XML Viewer anac-xml-viewer allows Server Side Request Forgery.This issue affects ANAC XML Viewer: from n/a through <= 1.8.2.
{
"affected": [],
"aliases": [
"CVE-2025-64252"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-22T17:16:00Z",
"severity": "CRITICAL"
},
"details": "Server-Side Request Forgery (SSRF) vulnerability in Marco Milesi ANAC XML Viewer anac-xml-viewer allows Server Side Request Forgery.This issue affects ANAC XML Viewer: from n/a through \u003c= 1.8.2.",
"id": "GHSA-rpvq-43pv-vpgx",
"modified": "2026-01-27T00:31:11Z",
"published": "2026-01-22T18:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64252"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/anac-xml-viewer/vulnerability/wordpress-anac-xml-viewer-plugin-1-8-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RQ8F-77G8-6FM5
Vulnerability from github – Published: 2024-11-06 00:31 – Updated: 2024-11-07 21:31An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to execute arbitrary code via a crafted script to the Add new application.
{
"affected": [],
"aliases": [
"CVE-2024-51358"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-05T23:15:04Z",
"severity": "CRITICAL"
},
"details": "An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to execute arbitrary code via a crafted script to the Add new application.",
"id": "GHSA-rq8f-77g8-6fm5",
"modified": "2024-11-07T21:31:43Z",
"published": "2024-11-06T00:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51358"
},
{
"type": "WEB",
"url": "https://github.com/Kov404/CVE-2024-51358"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RQ9C-34HQ-JQG8
Vulnerability from github – Published: 2023-01-20 12:30 – Updated: 2023-01-27 15:30An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function.
{
"affected": [],
"aliases": [
"CVE-2021-37498"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-20T12:15:00Z",
"severity": "MODERATE"
},
"details": "An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function.",
"id": "GHSA-rq9c-34hq-jqg8",
"modified": "2023-01-27T15:30:32Z",
"published": "2023-01-20T12:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37498"
},
{
"type": "WEB",
"url": "https://github.com/blakduk/Advisories/blob/main/Reprise%20License%20Manager/README.md"
},
{
"type": "WEB",
"url": "http://reprise.com"
},
{
"type": "WEB",
"url": "http://reprisesoftware.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RQJV-PX3W-V3W6
Vulnerability from github – Published: 2026-06-30 21:31 – Updated: 2026-06-30 21:31IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery (SSRF). The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker can exploit this to access internal resources including cloud metadata services (AWS/Azure/GCP IMDS), potentially exfiltrating IAM credentials and enumerating internal networks. The vulnerability can also be triggered through prompt injection in agentic workflows due to tool_mode=True exposure.
{
"affected": [],
"aliases": [
"CVE-2026-10564"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-30T20:17:27Z",
"severity": "HIGH"
},
"details": "IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery (SSRF). The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker can exploit this to access internal resources including cloud metadata services (AWS/Azure/GCP IMDS), potentially exfiltrating IAM credentials and enumerating internal networks. The vulnerability can also be triggered through prompt injection in agentic workflows due to tool_mode=True exposure.",
"id": "GHSA-rqjv-px3w-v3w6",
"modified": "2026-06-30T21:31:44Z",
"published": "2026-06-30T21:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10564"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7277995"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RQM6-JMG2-PGR4
Vulnerability from github – Published: 2025-11-06 06:31 – Updated: 2025-11-06 06:31The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
{
"affected": [],
"aliases": [
"CVE-2025-12560"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-06T06:15:44Z",
"severity": "MODERATE"
},
"details": "The Blog2Social: Social Media Auto Post \u0026 Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",
"id": "GHSA-rqm6-jmg2-pgr4",
"modified": "2025-11-06T06:31:00Z",
"published": "2025-11-06T06:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12560"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3389636/blog2social"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ea06520-d7a9-49bb-812e-2fa2e50d0ec2?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RQMP-494M-8QGF
Vulnerability from github – Published: 2026-03-29 18:30 – Updated: 2026-03-29 18:30A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the /api/files/export-content endpoint. The _download_image_to_temp() function in backend/routers/files.py fails to validate user-controlled URLs, allowing attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints. This vulnerability can lead to internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution.
{
"affected": [],
"aliases": [
"CVE-2026-0560"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-29T18:16:14Z",
"severity": "HIGH"
},
"details": "A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/api/files/export-content` endpoint. The `_download_image_to_temp()` function in `backend/routers/files.py` fails to validate user-controlled URLs, allowing attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints. This vulnerability can lead to internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution.",
"id": "GHSA-rqmp-494m-8qgf",
"modified": "2026-03-29T18:30:20Z",
"published": "2026-03-29T18:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0560"
},
{
"type": "WEB",
"url": "https://github.com/parisneo/lollms/commit/76a54f0df2df8a5b254aa627d487b5dc939a0263"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/65e43a5e-b902-4369-b738-1825285a3ea5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RR33-J5P5-PPF8
Vulnerability from github – Published: 2022-05-03 00:00 – Updated: 2022-05-18 19:10GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.geoserver:gs-main"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.18.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.geoserver:gs-main"
},
"ranges": [
{
"events": [
{
"introduced": "2.19.0"
},
{
"last_affected": "2.19.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-40822"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2022-05-18T19:10:33Z",
"nvd_published_at": "2022-05-02T00:15:00Z",
"severity": "HIGH"
},
"details": "GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.",
"id": "GHSA-rr33-j5p5-ppf8",
"modified": "2022-05-18T19:10:33Z",
"published": "2022-05-03T00:00:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40822"
},
{
"type": "PACKAGE",
"url": "https://github.com/geoserver/geoserver"
},
{
"type": "WEB",
"url": "https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3"
},
{
"type": "WEB",
"url": "https://github.com/geoserver/geoserver/releases"
},
{
"type": "WEB",
"url": "https://osgeo-org.atlassian.net/browse/GEOS-10229"
},
{
"type": "WEB",
"url": "https://osgeo-org.atlassian.net/browse/GEOS-10229?focusedCommentId=83508"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "GeoServer allows SSRF via the option for setting a proxy host"
}
GHSA-RRCF-FXFM-G3VR
Vulnerability from github – Published: 2023-11-13 03:30 – Updated: 2026-04-28 21:33Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing.This issue affects Motors – Car Dealer, Classifieds & Listing: from n/a through 1.4.6.
{
"affected": [],
"aliases": [
"CVE-2023-46207"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-13T03:15:09Z",
"severity": "MODERATE"
},
"details": "Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Motors \u2013 Car Dealer, Classifieds \u0026 Listing.This issue affects Motors \u2013 Car Dealer, Classifieds \u0026 Listing: from n/a through 1.4.6.",
"id": "GHSA-rrcf-fxfm-g3vr",
"modified": "2026-04-28T21:33:07Z",
"published": "2023-11-13T03:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46207"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/motors-car-dealership-classified-listings/wordpress-motors-car-dealer-classifieds-listing-plugin-1-4-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RRJM-X5M6-Q2PG
Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2023-02-04 00:30WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.
{
"affected": [],
"aliases": [
"CVE-2019-17669"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-17T13:15:00Z",
"severity": "CRITICAL"
},
"details": "WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.",
"id": "GHSA-rrjm-x5m6-q2pg",
"modified": "2023-02-04T00:30:38Z",
"published": "2022-05-24T16:59:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17669"
},
{
"type": "WEB",
"url": "https://github.com/WordPress/WordPress/commit/608d39faed63ea212b6c6cdf9fe2bef92e2120ea"
},
{
"type": "WEB",
"url": "https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html"
},
{
"type": "WEB",
"url": "https://core.trac.wordpress.org/changeset/46475"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00000.html"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2020/Jan/8"
},
{
"type": "WEB",
"url": "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release"
},
{
"type": "WEB",
"url": "https://wpvulndb.com/vulnerabilities/9912"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4599"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4677"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.