CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4625 vulnerabilities reference this CWE, most recent first.
CVE-2026-15750 (GCVE-0-2026-15750)
Vulnerability from cvelistv5 – Published: 2026-07-14 21:30 – Updated: 2026-07-15 12:44- CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/378329 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/378329/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15750 | third-party-advisory |
| https://vuldb.com/submit/856633 | third-party-advisory |
| https://github.com/mastergo-design/mastergo-magic… | exploitissue-tracking |
| https://github.com/mastergo-design/mastergo-magic-mcp/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| mastergo-design | mastergo-magic-mcp |
Affected:
0.1
Affected: 0.2.0 cpe:2.3:a:mastergo-design:mastergo-magic-mcp:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15750",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-15T12:44:43.686782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T12:44:54.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mastergo-design:mastergo-magic-mcp:*:*:*:*:*:*:*:*"
],
"modules": [
"mcp__getComponentLink"
],
"product": "mastergo-magic-mcp",
"vendor": "mastergo-design",
"versions": [
{
"status": "affected",
"version": "0.1"
},
{
"status": "affected",
"version": "0.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mcfly_Zhang (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in mastergo-design mastergo-magic-mcp up to 0.2.0. Impacted is the function z.string of the file src/tools/get-component-link.ts of the component mcp__getComponentLink. Executing a manipulation of the argument url can lead to server-side request forgery. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T21:30:08.566Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-378329 | mastergo-design mastergo-magic-mcp mcp__getComponentLink get-component-link.ts z.string server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/378329"
},
{
"name": "VDB-378329 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/378329/cti"
},
{
"name": "CVE-2026-15750 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15750"
},
{
"name": "Submit #856633 | mastergo-design mastergo-magic-mcp 0.2.0 Server-Side Request Forgery",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/856633"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mastergo-design/mastergo-magic-mcp/issues/89"
},
{
"tags": [
"product"
],
"url": "https://github.com/mastergo-design/mastergo-magic-mcp/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-14T17:44:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "mastergo-design mastergo-magic-mcp mcp__getComponentLink get-component-link.ts z.string server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15750",
"datePublished": "2026-07-14T21:30:08.566Z",
"dateReserved": "2026-07-14T15:39:47.644Z",
"dateUpdated": "2026-07-15T12:44:54.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15746 (GCVE-0-2026-15746)
Vulnerability from cvelistv5 – Published: 2026-07-15 18:35 – Updated: 2026-07-15 18:54- CWE-918 - Server-Side request forgery (SSRF)
| URL | Tags |
|---|---|
| https://pypi.org/project/strands-agents-tools/0.7.0/ | release-notes |
| https://aws.amazon.com/security/security-bulletin… | vendor-advisory |
| https://github.com/strands-agents/tools/security/… | release-notespatch |
| Vendor | Product | Version | |
|---|---|---|---|
| Amazon | strands-agents-tools |
Affected:
0 , < 0.7.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-15T18:54:16.974385Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T18:54:31.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "strands-agents-tools",
"vendor": "Amazon",
"versions": [
{
"lessThan": "0.7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amazon:strands-agents-tools:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.7.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eStrands Agents is an open-source Python SDK for building and running AI agents. The strands-agents-tools package provides pre-built tools for use with the SDK, including the elasticsearch_memory tool for agent memory storage. We identified CVE-2026-15746, a server-side request forgery (SSRF) issue in the elasticsearch_memory tool. The tool exposed its connection parameters (es_url, cloud_id, api_key) as fields the large language model (LLM) could control through the tool schema. When a caller omitted the api_key parameter, the tool fell back to the operator\u0027s ELASTICSEARCH_API_KEY environment variable and sent it to whichever host the LLM specified. A crafted prompt could cause the tool to connect to a threat-actor-controlled server and disclose the operator\u0027s Elasticsearch API key in the Authorization header.\u003c/p\u003e\u003cp\u003eWe recommend you upgrade to strands-agents-tools version 0.7.0 or later. As a precautionary measure, we recommend all operators rotate their \u003ccode\u003eELASTICSEARCH_API_KEY\u003c/code\u003e, even if there is no indication the credential was exposed.\u003c/p\u003e"
}
],
"value": "Strands Agents is an open-source Python SDK for building and running AI agents. The strands-agents-tools package provides pre-built tools for use with the SDK, including the elasticsearch_memory tool for agent memory storage. We identified CVE-2026-15746, a server-side request forgery (SSRF) issue in the elasticsearch_memory tool. The tool exposed its connection parameters (es_url, cloud_id, api_key) as fields the large language model (LLM) could control through the tool schema. When a caller omitted the api_key parameter, the tool fell back to the operator\u0027s ELASTICSEARCH_API_KEY environment variable and sent it to whichever host the LLM specified. A crafted prompt could cause the tool to connect to a threat-actor-controlled server and disclose the operator\u0027s Elasticsearch API key in the Authorization header.\n\n\n\nWe recommend you upgrade to strands-agents-tools version 0.7.0 or later. As a precautionary measure, we recommend all operators rotate their ELASTICSEARCH_API_KEY, even if there is no indication the credential was exposed."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side request forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T18:45:44.627Z",
"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"shortName": "AMZN"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://pypi.org/project/strands-agents-tools/0.7.0/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/2026-056-aws/"
},
{
"tags": [
"release-notes",
"patch"
],
"url": "https://github.com/strands-agents/tools/security/advisories/GHSA-ppcf-fpr3-x46v"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Credential disclosure in Strands Agents Tools elasticsearch_memory tool",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"assignerShortName": "AMZN",
"cveId": "CVE-2026-15746",
"datePublished": "2026-07-15T18:35:47.382Z",
"dateReserved": "2026-07-14T14:55:13.322Z",
"dateUpdated": "2026-07-15T18:54:31.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15668 (GCVE-0-2026-15668)
Vulnerability from cvelistv5 – Published: 2026-07-14 04:00 – Updated: 2026-07-15 14:47- CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/378162 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/378162/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15668 | third-party-advisory |
| https://vuldb.com/submit/855866 | third-party-advisory |
| https://github.com/louisho5/picobot/issues/41 | exploitissue-tracking |
| https://github.com/louisho5/picobot/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15668",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-15T14:47:38.852891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T14:47:51.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/855866"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:louisho5:picobot:*:*:*:*:*:*:*:*"
],
"modules": [
"web Tool"
],
"product": "picobot",
"vendor": "louisho5",
"versions": [
{
"status": "affected",
"version": "0.1"
},
{
"status": "affected",
"version": "0.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-h (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T04:00:11.940Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-378162 | louisho5 picobot web Tool web.go WebTool.Execute server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/378162"
},
{
"name": "VDB-378162 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/378162/cti"
},
{
"name": "CVE-2026-15668 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15668"
},
{
"name": "Submit #855866 | louisho5 picobot 0.2.0 Server-Side Request Forgery (SSRF) (CWE-918)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/855866"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/louisho5/picobot/issues/41"
},
{
"tags": [
"product"
],
"url": "https://github.com/louisho5/picobot/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-13T23:17:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "louisho5 picobot web Tool web.go WebTool.Execute server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15668",
"datePublished": "2026-07-14T04:00:11.940Z",
"dateReserved": "2026-07-13T21:12:07.140Z",
"dateUpdated": "2026-07-15T14:47:51.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15643 (GCVE-0-2026-15643)
Vulnerability from cvelistv5 – Published: 2026-07-14 20:03 – Updated: 2026-07-15 14:22- CWE-918 - Server-Side request forgery (SSRF)
| URL | Tags |
|---|---|
| https://pypi.org/project/awslabs.healthlake-mcp-s… | release-notes |
| https://aws.amazon.com/security/security-bulletin… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| AWS | awslabs.healthlake-mcp-server |
Affected:
0 , < 0.0.14
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15643",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-15T14:21:52.824967Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T14:22:10.360Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "awslabs.healthlake-mcp-server",
"vendor": "AWS",
"versions": [
{
"lessThan": "0.0.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aws:awslabs.healthlake-mcp-server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.0.14",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan\u003eAWS HealthLake MCP Server (awslabs.healthlake-mcp-server) is a Model Context Protocol server that enables AI assistants to interact with AWS HealthLake FHIR datastores.\u0026nbsp;\u003c/span\u003eA server-side request forgery in the pagination handling component in AWS awslabs.healthlake-mcp-server before 0.0.14 on all platforms might allow a remote authenticated user to exfiltrate AWS temporary security credentials to an arbitrary endpoint via a crafted next_token parameter. The server does not validate that pagination URLs point back to the expected HealthLake endpoint, allowing an actor to redirect subsequent requests to an actor-controlled server.\u003c/p\u003e\u003cp\u003eIts recommended to upgrade to version 0.0.14 or later.\u003c/p\u003e"
}
],
"value": "AWS HealthLake MCP Server (awslabs.healthlake-mcp-server) is a Model Context Protocol server that enables AI assistants to interact with AWS HealthLake FHIR datastores.\u00a0A server-side request forgery in the pagination handling component in AWS awslabs.healthlake-mcp-server before 0.0.14 on all platforms might allow a remote authenticated user to exfiltrate AWS temporary security credentials to an arbitrary endpoint via a crafted next_token parameter. The server does not validate that pagination URLs point back to the expected HealthLake endpoint, allowing an actor to redirect subsequent requests to an actor-controlled server.\n\n\n\nIts recommended to upgrade to version 0.0.14 or later."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side request forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T20:03:58.729Z",
"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"shortName": "AMZN"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://pypi.org/project/awslabs.healthlake-mcp-server/0.0.14/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/2026-054-aws/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AWS HealthLake MCP Server SSRF via Pagination URL",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"assignerShortName": "AMZN",
"cveId": "CVE-2026-15643",
"datePublished": "2026-07-14T20:03:58.729Z",
"dateReserved": "2026-07-13T18:48:24.351Z",
"dateUpdated": "2026-07-15T14:22:10.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15628 (GCVE-0-2026-15628)
Vulnerability from cvelistv5 – Published: 2026-07-14 03:00 – Updated: 2026-07-14 12:42 X_Open Source- CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/378130 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/378130/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15628 | third-party-advisory |
| https://vuldb.com/submit/855849 | third-party-advisory |
| https://github.com/zhayujie/CowAgent/issues/2878 | exploitissue-tracking |
| https://github.com/zhayujie/CowAgent/pull/2886 | issue-trackingpatch |
| https://github.com/zhayujie/CowAgent/commit/e8529… | patch |
| https://github.com/zhayujie/CowAgent/releases/tag/2.1.2 | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| zhayujie | chatgpt-on-wechat CowAgent |
Affected:
2.1.0
Affected: 2.1.1 Unaffected: 2.1.2 cpe:2.3:a:zhayujie:chatgpt-on-wechat_cowagent:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15628",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T12:42:03.501980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T12:42:17.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:zhayujie:chatgpt-on-wechat_cowagent:*:*:*:*:*:*:*:*"
],
"modules": [
"Vision Tool"
],
"product": "chatgpt-on-wechat CowAgent",
"vendor": "zhayujie",
"versions": [
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.1.1"
},
{
"status": "unaffected",
"version": "2.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-e (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in zhayujie chatgpt-on-wechat CowAgent up to 2.1.1. This issue affects the function Vision._download_to_data_url of the file agent/tools/vision/vision.py of the component Vision Tool. Performing a manipulation of the argument image results in server-side request forgery. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 2.1.2 is capable of addressing this issue. The patch is named e85290cddcbb5ffc9c235927f4c92e5b4c3ec264. The affected component should be upgraded."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T03:00:11.144Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-378130 | zhayujie chatgpt-on-wechat CowAgent Vision Tool vision.py Vision._download_to_data_url server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/378130"
},
{
"name": "VDB-378130 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/378130/cti"
},
{
"name": "CVE-2026-15628 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15628"
},
{
"name": "Submit #855849 | zhayujie chatgpt-on-wechat 2.1.0 Server-Side Request Forgery (SSRF) (CWE-918)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/855849"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/zhayujie/CowAgent/issues/2878"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/zhayujie/CowAgent/pull/2886"
},
{
"tags": [
"patch"
],
"url": "https://github.com/zhayujie/CowAgent/commit/e85290cddcbb5ffc9c235927f4c92e5b4c3ec264"
},
{
"tags": [
"patch"
],
"url": "https://github.com/zhayujie/CowAgent/releases/tag/2.1.2"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-07-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-13T19:33:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "zhayujie chatgpt-on-wechat CowAgent Vision Tool vision.py Vision._download_to_data_url server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15628",
"datePublished": "2026-07-14T03:00:11.144Z",
"dateReserved": "2026-07-13T17:28:11.050Z",
"dateUpdated": "2026-07-14T12:42:17.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15624 (GCVE-0-2026-15624)
Vulnerability from cvelistv5 – Published: 2026-07-14 01:30 – Updated: 2026-07-15 14:53- CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/378126 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/378126/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15624 | third-party-advisory |
| https://vuldb.com/submit/855798 | third-party-advisory |
| https://github.com/nextlevelbuilder/goclaw/issues/1199 | exploitissue-tracking |
| https://github.com/nextlevelbuilder/goclaw/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| nextlevelbuilder | GoClaw |
Affected:
3.13.3-beta.3
cpe:2.3:a:nextlevelbuilder:goclaw:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15624",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-15T14:53:27.888709Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T14:53:36.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/855798"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:nextlevelbuilder:goclaw:*:*:*:*:*:*:*:*"
],
"modules": [
"invoke Endpoint"
],
"product": "GoClaw",
"vendor": "nextlevelbuilder",
"versions": [
{
"status": "affected",
"version": "3.13.3-beta.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-b (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/create_video_byteplus.go of the component invoke Endpoint. The manipulation of the argument output.video_url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T01:30:09.483Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-378126 | nextlevelbuilder GoClaw invoke Endpoint create_video_byteplus.go bytePlusDownloadVideo server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/378126"
},
{
"name": "VDB-378126 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/378126/cti"
},
{
"name": "CVE-2026-15624 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15624"
},
{
"name": "Submit #855798 | nextlevelbuilder GoClaw 3.13.3-beta.3 Server-Side Request Forgery (CWE-918)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/855798"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/nextlevelbuilder/goclaw/issues/1199"
},
{
"tags": [
"product"
],
"url": "https://github.com/nextlevelbuilder/goclaw/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-13T19:28:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "nextlevelbuilder GoClaw invoke Endpoint create_video_byteplus.go bytePlusDownloadVideo server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15624",
"datePublished": "2026-07-14T01:30:09.483Z",
"dateReserved": "2026-07-13T17:23:38.145Z",
"dateUpdated": "2026-07-15T14:53:36.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15620 (GCVE-0-2026-15620)
Vulnerability from cvelistv5 – Published: 2026-07-14 00:15 – Updated: 2026-07-14 14:30- CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/378123 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/378123/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15620 | third-party-advisory |
| https://vuldb.com/submit/855795 | third-party-advisory |
| https://github.com/mosaxiv/clawlet/issues/14 | exploitissue-tracking |
| https://github.com/mosaxiv/clawlet/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15620",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T13:02:01.018585Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T14:30:34.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*"
],
"product": "clawlet",
"vendor": "mosaxiv",
"versions": [
{
"status": "affected",
"version": "0.2.0"
},
{
"status": "affected",
"version": "0.2.1"
},
{
"status": "affected",
"version": "0.2.2"
},
{
"status": "affected",
"version": "0.2.3"
},
{
"status": "affected",
"version": "0.2.4"
},
{
"status": "affected",
"version": "0.2.5"
},
{
"status": "affected",
"version": "0.2.6"
},
{
"status": "affected",
"version": "0.2.7"
},
{
"status": "affected",
"version": "0.2.8"
},
{
"status": "affected",
"version": "0.2.9"
},
{
"status": "affected",
"version": "0.2.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-b (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/tool_web_fetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The reported GitHub issue was closed with the label \"not planned\"."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T00:15:08.152Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-378123 | mosaxiv clawlet tool_web_fetch.go tools.webFetch server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/378123"
},
{
"name": "VDB-378123 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/378123/cti"
},
{
"name": "CVE-2026-15620 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15620"
},
{
"name": "Submit #855795 | mosaxiv clawlet 0.2.10 Server-Side Request Forgery (SSRF) (CWE-918)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/855795"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mosaxiv/clawlet/issues/14"
},
{
"tags": [
"product"
],
"url": "https://github.com/mosaxiv/clawlet/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-13T19:02:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "mosaxiv clawlet tool_web_fetch.go tools.webFetch server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15620",
"datePublished": "2026-07-14T00:15:08.152Z",
"dateReserved": "2026-07-13T16:57:38.543Z",
"dateUpdated": "2026-07-14T14:30:34.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15619 (GCVE-0-2026-15619)
Vulnerability from cvelistv5 – Published: 2026-07-14 00:00 – Updated: 2026-07-15 14:29- CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/378122 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/378122/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15619 | third-party-advisory |
| https://vuldb.com/submit/855793 | third-party-advisory |
| https://github.com/mosaxiv/clawlet/issues/13 | exploitissue-tracking |
| https://github.com/mosaxiv/clawlet/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15619",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-15T14:29:24.661853Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T14:29:41.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*"
],
"modules": [
"IPv4 Handler"
],
"product": "clawlet",
"vendor": "mosaxiv",
"versions": [
{
"status": "affected",
"version": "0.2.0"
},
{
"status": "affected",
"version": "0.2.1"
},
{
"status": "affected",
"version": "0.2.2"
},
{
"status": "affected",
"version": "0.2.3"
},
{
"status": "affected",
"version": "0.2.4"
},
{
"status": "affected",
"version": "0.2.5"
},
{
"status": "affected",
"version": "0.2.6"
},
{
"status": "affected",
"version": "0.2.7"
},
{
"status": "affected",
"version": "0.2.8"
},
{
"status": "affected",
"version": "0.2.9"
},
{
"status": "affected",
"version": "0.2.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-b (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function web_fetch of the file tools/tool_web_fetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The reported GitHub issue was closed with the label \"not planned\"."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T00:00:12.931Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-378122 | mosaxiv clawlet IPv4 tool_web_fetch.go web_fetch server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/378122"
},
{
"name": "VDB-378122 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/378122/cti"
},
{
"name": "CVE-2026-15619 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15619"
},
{
"name": "Submit #855793 | mosaxiv clawlet 0.2.10 Server-Side Request Forgery (SSRF) (CWE-918)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/855793"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mosaxiv/clawlet/issues/13"
},
{
"tags": [
"product"
],
"url": "https://github.com/mosaxiv/clawlet/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-13T19:02:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "mosaxiv clawlet IPv4 tool_web_fetch.go web_fetch server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15619",
"datePublished": "2026-07-14T00:00:12.931Z",
"dateReserved": "2026-07-13T16:57:35.760Z",
"dateUpdated": "2026-07-15T14:29:41.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15525 (GCVE-0-2026-15525)
Vulnerability from cvelistv5 – Published: 2026-07-13 02:30 – Updated: 2026-07-13 15:26 X_Open Source- CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/377854 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/377854/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15525 | third-party-advisory |
| https://vuldb.com/submit/854528 | third-party-advisory |
| https://github.com/kLOsk/adloop/issues/41 | exploitissue-tracking |
| https://github.com/kLOsk/adloop/commit/217399723e… | patch |
| https://github.com/kLOsk/adloop/releases/tag/v0.10.0 | patch |
| https://github.com/kLOsk/adloop/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15525",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-13T15:26:07.904133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T15:26:18.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:klosk:adloop:*:*:*:*:*:*:*:*"
],
"product": "adloop",
"vendor": "kLOsk",
"versions": [
{
"status": "affected",
"version": "0.1"
},
{
"status": "affected",
"version": "0.2"
},
{
"status": "affected",
"version": "0.3"
},
{
"status": "affected",
"version": "0.4"
},
{
"status": "affected",
"version": "0.5"
},
{
"status": "affected",
"version": "0.6"
},
{
"status": "affected",
"version": "0.7"
},
{
"status": "affected",
"version": "0.8"
},
{
"status": "affected",
"version": "0.9.0"
},
{
"status": "unaffected",
"version": "0.10.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mcfly_Zhang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in kLOsk adloop up to 0.9.0. This vulnerability affects the function _validate_urls of the file src/adloop/ads/write.py. Performing a manipulation of the argument final_url results in server-side request forgery. The attack may be initiated remotely. The exploit is now public and may be used. Upgrading to version 0.10.0 is able to resolve this issue. The patch is named 217399723e3a2fb39389e5355d49ed80aaf9ea7c. Upgrading the affected component is advised."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T02:30:09.775Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-377854 | kLOsk adloop write.py _validate_urls server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/377854"
},
{
"name": "VDB-377854 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/377854/cti"
},
{
"name": "CVE-2026-15525 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15525"
},
{
"name": "Submit #854528 | kLOsk adloop 0.9.0 Server-Side Request Forgery",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/854528"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/kLOsk/adloop/issues/41"
},
{
"tags": [
"patch"
],
"url": "https://github.com/kLOsk/adloop/commit/217399723e3a2fb39389e5355d49ed80aaf9ea7c"
},
{
"tags": [
"patch"
],
"url": "https://github.com/kLOsk/adloop/releases/tag/v0.10.0"
},
{
"tags": [
"product"
],
"url": "https://github.com/kLOsk/adloop/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-07-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-12T14:11:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "kLOsk adloop write.py _validate_urls server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15525",
"datePublished": "2026-07-13T02:30:09.775Z",
"dateReserved": "2026-07-12T12:06:16.224Z",
"dateUpdated": "2026-07-13T15:26:18.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15508 (GCVE-0-2026-15508)
Vulnerability from cvelistv5 – Published: 2026-07-12 22:15 – Updated: 2026-07-13 15:38- CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/377837 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/377837/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15508 | third-party-advisory |
| https://vuldb.com/submit/845671 | third-party-advisory |
| https://github.com/oscar2744/CVE-Submit/issues/1 | exploitissue-tracking |
| Vendor | Product | Version | |
|---|---|---|---|
| Helicone | ai-gateway |
Affected:
0.2.0-beta.0
Affected: 0.2.0-beta.1 Affected: 0.2.0-beta.2 Affected: 0.2.0-beta.3 Affected: 0.2.0-beta.4 Affected: 0.2.0-beta.5 Affected: 0.2.0-beta.6 Affected: 0.2.0-beta.7 Affected: 0.2.0-beta.8 Affected: 0.2.0-beta.9 Affected: 0.2.0-beta.10 Affected: 0.2.0-beta.11 Affected: 0.2.0-beta.12 Affected: 0.2.0-beta.13 Affected: 0.2.0-beta.14 Affected: 0.2.0-beta.15 Affected: 0.2.0-beta.16 Affected: 0.2.0-beta.17 Affected: 0.2.0-beta.18 Affected: 0.2.0-beta.19 Affected: 0.2.0-beta.20 Affected: 0.2.0-beta.21 Affected: 0.2.0-beta.22 Affected: 0.2.0-beta.23 Affected: 0.2.0-beta.24 Affected: 0.2.0-beta.25 Affected: 0.2.0-beta.26 Affected: 0.2.0-beta.27 Affected: 0.2.0-beta.28 Affected: 0.2.0-beta.29 Affected: 0.2.0-beta.30 cpe:2.3:a:helicone:ai-gateway:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15508",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-13T15:38:53.451447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T15:38:59.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:helicone:ai-gateway:*:*:*:*:*:*:*:*"
],
"modules": [
"AWS Metadata Service"
],
"product": "ai-gateway",
"vendor": "Helicone",
"versions": [
{
"status": "affected",
"version": "0.2.0-beta.0"
},
{
"status": "affected",
"version": "0.2.0-beta.1"
},
{
"status": "affected",
"version": "0.2.0-beta.2"
},
{
"status": "affected",
"version": "0.2.0-beta.3"
},
{
"status": "affected",
"version": "0.2.0-beta.4"
},
{
"status": "affected",
"version": "0.2.0-beta.5"
},
{
"status": "affected",
"version": "0.2.0-beta.6"
},
{
"status": "affected",
"version": "0.2.0-beta.7"
},
{
"status": "affected",
"version": "0.2.0-beta.8"
},
{
"status": "affected",
"version": "0.2.0-beta.9"
},
{
"status": "affected",
"version": "0.2.0-beta.10"
},
{
"status": "affected",
"version": "0.2.0-beta.11"
},
{
"status": "affected",
"version": "0.2.0-beta.12"
},
{
"status": "affected",
"version": "0.2.0-beta.13"
},
{
"status": "affected",
"version": "0.2.0-beta.14"
},
{
"status": "affected",
"version": "0.2.0-beta.15"
},
{
"status": "affected",
"version": "0.2.0-beta.16"
},
{
"status": "affected",
"version": "0.2.0-beta.17"
},
{
"status": "affected",
"version": "0.2.0-beta.18"
},
{
"status": "affected",
"version": "0.2.0-beta.19"
},
{
"status": "affected",
"version": "0.2.0-beta.20"
},
{
"status": "affected",
"version": "0.2.0-beta.21"
},
{
"status": "affected",
"version": "0.2.0-beta.22"
},
{
"status": "affected",
"version": "0.2.0-beta.23"
},
{
"status": "affected",
"version": "0.2.0-beta.24"
},
{
"status": "affected",
"version": "0.2.0-beta.25"
},
{
"status": "affected",
"version": "0.2.0-beta.26"
},
{
"status": "affected",
"version": "0.2.0-beta.27"
},
{
"status": "affected",
"version": "0.2.0-beta.28"
},
{
"status": "affected",
"version": "0.2.0-beta.29"
},
{
"status": "affected",
"version": "0.2.0-beta.30"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "havel8964 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function build_target_url of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Executing a manipulation of the argument extracted_path_and_query can lead to server-side request forgery. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-12T22:15:11.407Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-377837 | Helicone ai-gateway AWS Metadata Service service.rs build_target_url server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/377837"
},
{
"name": "VDB-377837 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/377837/cti"
},
{
"name": "CVE-2026-15508 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15508"
},
{
"name": "Submit #845671 | GitHub Helicone ai-gateway v0.2.0-beta.30 Server-Side Request Forgery",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/845671"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/oscar2744/CVE-Submit/issues/1"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-12T07:57:28.000Z",
"value": "VulDB entry last update"
}
],
"title": "Helicone ai-gateway AWS Metadata Service service.rs build_target_url server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15508",
"datePublished": "2026-07-12T22:15:11.407Z",
"dateReserved": "2026-07-12T05:52:24.844Z",
"dateUpdated": "2026-07-13T15:38:59.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.