CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4615 vulnerabilities reference this CWE, most recent first.
CVE-2026-30844 (GCVE-0-2026-30844)
Vulnerability from cvelistv5 – Published: 2026-03-06 19:33 – Updated: 2026-03-09 20:34- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://securitylab.github.com/advisories/GHSL-20… | x_refsource_CONFIRM |
| https://github.com/wekan/wekan/commit/62216e36c15… | x_refsource_MISC |
| https://github.com/wekan/wekan/releases/tag/v8.34 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30844",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T20:26:22.860996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T20:34:20.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Wekan",
"vendor": "Wekan",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.32, \u003c 8.34"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery (SSRF) via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or filtering, affecting both the Wekan and Trello import flows. The parseActivities() and parseActions() methods extract user-controlled attachment URLs, which are then passed directly to Attachments.load() for download with no sanitization. This Server-Side Request Forgery (SSRF) vulnerability allows any authenticated user to make the server issue arbitrary HTTP requests, potentially accessing internal network services such as cloud instance metadata endpoints (exposing IAM credentials), internal databases, and admin panels that are otherwise unreachable from outside the network. This issue has been fixed in version 8.34."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T19:33:06.328Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2026-045_Wekan/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2026-045_Wekan/"
},
{
"name": "https://github.com/wekan/wekan/commit/62216e36c15f55d4ef6cb97313db3aa54fc77fe0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wekan/wekan/commit/62216e36c15f55d4ef6cb97313db3aa54fc77fe0"
},
{
"name": "https://github.com/wekan/wekan/releases/tag/v8.34",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wekan/wekan/releases/tag/v8.34"
}
],
"source": {
"advisory": "GHSA-7j27-3j3q-fm5w",
"discovery": "UNKNOWN"
},
"title": "Wekan Vulnerable to SSRF through Lack of Validation or Filtering in Attachment URL Loading"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-30844",
"datePublished": "2026-03-06T19:33:06.328Z",
"dateReserved": "2026-03-05T21:27:35.341Z",
"dateUpdated": "2026-03-09T20:34:20.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30840 (GCVE-0-2026-30840)
Vulnerability from cvelistv5 – Published: 2026-03-07 05:39 – Updated: 2026-03-09 20:24| URL | Tags |
|---|---|
| https://github.com/ellite/Wallos/security/advisor… | x_refsource_CONFIRM |
| https://github.com/ellite/Wallos/commit/e8a513591… | x_refsource_MISC |
| https://github.com/ellite/Wallos/releases/tag/v4.6.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30840",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T20:16:53.418478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T20:24:17.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Wallos",
"vendor": "ellite",
"versions": [
{
"status": "affected",
"version": "\u003c 4.6.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, there is a server-side request forgery vulnerability in notification testers. This issue has been patched in version 4.6.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-07T05:39:40.854Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ellite/Wallos/security/advisories/GHSA-mr2c-prqv-hqm8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ellite/Wallos/security/advisories/GHSA-mr2c-prqv-hqm8"
},
{
"name": "https://github.com/ellite/Wallos/commit/e8a513591dbbf885966e2ef55c38622785b9060d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ellite/Wallos/commit/e8a513591dbbf885966e2ef55c38622785b9060d"
},
{
"name": "https://github.com/ellite/Wallos/releases/tag/v4.6.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ellite/Wallos/releases/tag/v4.6.2"
}
],
"source": {
"advisory": "GHSA-mr2c-prqv-hqm8",
"discovery": "UNKNOWN"
},
"title": "Wallos: Server-Side Request Forgery (SSRF) in Notification Testers"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-30840",
"datePublished": "2026-03-07T05:39:40.854Z",
"dateReserved": "2026-03-05T21:06:44.606Z",
"dateUpdated": "2026-03-09T20:24:17.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30839 (GCVE-0-2026-30839)
Vulnerability from cvelistv5 – Published: 2026-03-07 05:29 – Updated: 2026-03-09 20:24- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/ellite/Wallos/security/advisor… | x_refsource_CONFIRM |
| https://github.com/ellite/Wallos/commit/e8a513591… | x_refsource_MISC |
| https://github.com/ellite/Wallos/releases/tag/v4.6.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T20:17:31.328232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T20:24:17.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Wallos",
"vendor": "ellite",
"versions": [
{
"status": "affected",
"version": "\u003c 4.6.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.php does not validate the target URL against private/reserved IP ranges, enabling full-read SSRF. The server response is returned to the caller. This issue has been patched in version 4.6.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-07T05:29:55.381Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ellite/Wallos/security/advisories/GHSA-x4qp-xm2c-vqg9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ellite/Wallos/security/advisories/GHSA-x4qp-xm2c-vqg9"
},
{
"name": "https://github.com/ellite/Wallos/commit/e8a513591dbbf885966e2ef55c38622785b9060d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ellite/Wallos/commit/e8a513591dbbf885966e2ef55c38622785b9060d"
},
{
"name": "https://github.com/ellite/Wallos/releases/tag/v4.6.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ellite/Wallos/releases/tag/v4.6.2"
}
],
"source": {
"advisory": "GHSA-x4qp-xm2c-vqg9",
"discovery": "UNKNOWN"
},
"title": "Wallos: SSRF via webhook test endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-30839",
"datePublished": "2026-03-07T05:29:55.381Z",
"dateReserved": "2026-03-05T21:06:44.606Z",
"dateUpdated": "2026-03-09T20:24:17.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30834 (GCVE-0-2026-30834)
Vulnerability from cvelistv5 – Published: 2026-03-07 15:36 – Updated: 2026-03-10 17:30- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/pinchtab/pinchtab/security/adv… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30834",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T17:30:03.844960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T17:30:48.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pinchtab",
"vendor": "pinchtab",
"versions": [
{
"status": "affected",
"version": "\u003c 0.7.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7, a Server-Side Request Forgery (SSRF) vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs, including internal network services and local system files, and exfiltrate the full response content. This issue has been patched in version 0.7.7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-07T15:36:30.036Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-rw8p-c6hf-q3pg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-rw8p-c6hf-q3pg"
}
],
"source": {
"advisory": "GHSA-rw8p-c6hf-q3pg",
"discovery": "UNKNOWN"
},
"title": "PinchTab: SSRF with Full Response Exfiltration via Download Handler"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-30834",
"datePublished": "2026-03-07T15:36:30.036Z",
"dateReserved": "2026-03-05T21:06:44.606Z",
"dateUpdated": "2026-03-10T17:30:48.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30832 (GCVE-0-2026-30832)
Vulnerability from cvelistv5 – Published: 2026-03-07 15:57 – Updated: 2026-03-09 18:26- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/charmbracelet/soft-serve/secur… | x_refsource_CONFIRM |
| https://github.com/charmbracelet/soft-serve/commi… | x_refsource_MISC |
| https://github.com/charmbracelet/soft-serve/relea… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| charmbracelet | soft-serve |
Affected:
>= 0.6.0, < 0.11.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30832",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T17:52:27.217761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T18:26:21.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "soft-serve",
"vendor": "charmbracelet",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.6.0, \u003c 0.11.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is blind (the response from a metadata endpoint won\u0027t parse as valid LFS JSON), but an attacker hosting a fake LFS server can chain this into full read access to internal services by returning download URLs that point at internal targets. This issue has been patched in version 0.11.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-07T15:57:39.158Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-3fvx-xrxq-8jvv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-3fvx-xrxq-8jvv"
},
{
"name": "https://github.com/charmbracelet/soft-serve/commit/3ef660098ab37a7950457da8ecc25b516e37ce4e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/charmbracelet/soft-serve/commit/3ef660098ab37a7950457da8ecc25b516e37ce4e"
},
{
"name": "https://github.com/charmbracelet/soft-serve/releases/tag/v0.11.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/charmbracelet/soft-serve/releases/tag/v0.11.4"
}
],
"source": {
"advisory": "GHSA-3fvx-xrxq-8jvv",
"discovery": "UNKNOWN"
},
"title": "Soft Serve: SSRF via unvalidated LFS endpoint in repo import"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-30832",
"datePublished": "2026-03-07T15:57:39.158Z",
"dateReserved": "2026-03-05T21:06:44.606Z",
"dateUpdated": "2026-03-09T18:26:21.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30828 (GCVE-0-2026-30828)
Vulnerability from cvelistv5 – Published: 2026-03-07 05:27 – Updated: 2026-03-09 20:24| URL | Tags |
|---|---|
| https://github.com/ellite/Wallos/security/advisor… | x_refsource_CONFIRM |
| https://github.com/ellite/Wallos/commit/e8a513591… | x_refsource_MISC |
| https://github.com/ellite/Wallos/releases/tag/v4.6.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30828",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T20:18:06.828766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T20:24:17.028Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Wallos",
"vendor": "ellite",
"versions": [
{
"status": "affected",
"version": "\u003c 4.6.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be used to retrieve local system files. This issue has been patched in version 4.6.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-29",
"description": "CWE-29: Path Traversal: \u0027..filename\u0027",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-07T05:32:16.857Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ellite/Wallos/security/advisories/GHSA-p7qj-669r-grvc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ellite/Wallos/security/advisories/GHSA-p7qj-669r-grvc"
},
{
"name": "https://github.com/ellite/Wallos/commit/e8a513591dbbf885966e2ef55c38622785b9060d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ellite/Wallos/commit/e8a513591dbbf885966e2ef55c38622785b9060d"
},
{
"name": "https://github.com/ellite/Wallos/releases/tag/v4.6.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ellite/Wallos/releases/tag/v4.6.2"
}
],
"source": {
"advisory": "GHSA-p7qj-669r-grvc",
"discovery": "UNKNOWN"
},
"title": "Wallos: SSRF via url parameter leading to File Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-30828",
"datePublished": "2026-03-07T05:27:13.137Z",
"dateReserved": "2026-03-05T21:06:44.606Z",
"dateUpdated": "2026-03-09T20:24:17.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30810 (GCVE-0-2026-30810)
Vulnerability from cvelistv5 – Published: 2026-05-12 15:12 – Updated: 2026-05-12 19:41- CWE-918 - Server-Side request forgery (SSRF)
| Vendor | Product | Version | |
|---|---|---|---|
| Pandora FMS | Pandora FMS |
Affected:
777 , ≤ 800
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T19:41:35.609481Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T19:41:46.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "800",
"status": "affected",
"version": "777",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro J. N\u00fa\u00f1ez-Cacho Fuentes \u003ctunelko@gmail.com\u003e"
}
],
"datePublic": "2026-05-12T15:12:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800"
}
],
"value": "Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800"
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side request forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T15:12:46.956Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v802 and v800.2"
}
],
"value": "Fixed in v802 and v800.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Server-Side Request Forgery in API Checker leads to Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2026-30810",
"datePublished": "2026-05-12T15:12:46.956Z",
"dateReserved": "2026-03-05T16:16:01.151Z",
"dateUpdated": "2026-05-12T19:41:46.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30247 (GCVE-0-2026-30247)
Vulnerability from cvelistv5 – Published: 2026-03-07 03:33 – Updated: 2026-03-09 20:54- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/Tencent/WeKnora/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30247",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T20:43:21.952235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T20:54:27.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WeKnora",
"vendor": "Tencent",
"versions": [
{
"status": "affected",
"version": "\u003c 0.2.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application\u0027s \"Import document via URL\" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirects. While the backend implements comprehensive URL validation (blocking private IPs, loopback addresses, reserved hostnames, and cloud metadata endpoints), it fails to validate redirect targets. An attacker can bypass all protections by using a redirect chain, forcing the server to access internal services. Additionally, Docker-specific internal addresses like host.docker.internal are not blocked. This issue has been patched in version 0.2.12."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-07T03:33:27.140Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Tencent/WeKnora/security/advisories/GHSA-595m-wc8g-6qgc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Tencent/WeKnora/security/advisories/GHSA-595m-wc8g-6qgc"
}
],
"source": {
"advisory": "GHSA-595m-wc8g-6qgc",
"discovery": "UNKNOWN"
},
"title": "WeKnora: SSRF via Redirection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-30247",
"datePublished": "2026-03-07T03:33:27.140Z",
"dateReserved": "2026-03-04T17:23:59.799Z",
"dateUpdated": "2026-03-09T20:54:27.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30242 (GCVE-0-2026-30242)
Vulnerability from cvelistv5 – Published: 2026-03-06 21:19 – Updated: 2026-03-09 20:54- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/makeplane/plane/security/advis… | x_refsource_CONFIRM |
| https://github.com/makeplane/plane/releases/tag/v1.2.3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30242",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T20:43:39.175731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T20:54:28.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "plane",
"vendor": "makeplane",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Plane is an an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/serializers/webhook.py only checks ip.is_loopback, allowing attackers with workspace ADMIN role to create webhooks pointing to private/internal network addresses (10.x.x.x, 172.16.x.x, 192.168.x.x, 169.254.169.254, etc.). When webhook events fire, the server makes requests to these internal addresses and stores the response \u2014 enabling SSRF with full response read-back. This issue has been patched in version 1.2.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T21:19:24.386Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/makeplane/plane/security/advisories/GHSA-fpx8-73gf-7x73",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/makeplane/plane/security/advisories/GHSA-fpx8-73gf-7x73"
},
{
"name": "https://github.com/makeplane/plane/releases/tag/v1.2.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/makeplane/plane/releases/tag/v1.2.3"
}
],
"source": {
"advisory": "GHSA-fpx8-73gf-7x73",
"discovery": "UNKNOWN"
},
"title": "Plane: SSRF via Incomplete IP Validation in Webhook URL Serializer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-30242",
"datePublished": "2026-03-06T21:19:24.386Z",
"dateReserved": "2026-03-04T17:23:59.799Z",
"dateUpdated": "2026-03-09T20:54:28.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30232 (GCVE-0-2026-30232)
Vulnerability from cvelistv5 – Published: 2026-04-10 19:15 – Updated: 2026-04-15 15:07- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/chartbrew/chartbrew/security/a… | x_refsource_CONFIRM |
| https://github.com/chartbrew/chartbrew/commit/9c4… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T15:07:05.673255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T15:07:30.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "chartbrew",
"vendor": "chartbrew",
"versions": [
{
"status": "affected",
"version": "\u003c 4.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any IP address validation, enabling Server-Side Request Forgery attacks against internal networks and cloud metadata endpoints. This vulnerability is fixed in 4.8.5."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T19:15:11.439Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/chartbrew/chartbrew/security/advisories/GHSA-p4rg-967r-w4cv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/chartbrew/chartbrew/security/advisories/GHSA-p4rg-967r-w4cv"
},
{
"name": "https://github.com/chartbrew/chartbrew/commit/9c4a7e2b02acb25f0782bd4ac1f16407d59c2df1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/chartbrew/chartbrew/commit/9c4a7e2b02acb25f0782bd4ac1f16407d59c2df1"
}
],
"source": {
"advisory": "GHSA-p4rg-967r-w4cv",
"discovery": "UNKNOWN"
},
"title": "Chartbrew has SSRF in API Data Connection - No IP Validation on User-Provided URLs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-30232",
"datePublished": "2026-04-10T19:15:11.439Z",
"dateReserved": "2026-03-04T17:23:59.798Z",
"dateUpdated": "2026-04-15T15:07:30.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.