CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4625 vulnerabilities reference this CWE, most recent first.
CVE-2026-13150 (GCVE-0-2026-13150)
Vulnerability from cvelistv5 – Published: 2026-06-24 10:45 – Updated: 2026-06-24 11:57- CWE-918 - Server-Side request forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/ccyl13/Pentestify/commit/a058a… | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| Pentestify | Pentestify |
Affected:
0 , < 1.1.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-13150",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-24T11:57:12.138307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T11:57:56.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pentestify",
"repo": "https://github.com/ccyl13/Pentestify",
"vendor": "Pentestify",
"versions": [
{
"lessThan": "1.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pentestify:pentestify:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.1.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dario Rivas Quero from Secur0 security team"
},
{
"lang": "en",
"type": "finder",
"value": "Cristian Fernandez Cornejo from Secur0 security team"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Mario Alvarez Fernandez"
},
{
"lang": "en",
"type": "analyst",
"value": "Xoan M. Otero Jorge"
},
{
"lang": "en",
"type": "coordinator",
"value": "Secur0 CNA"
}
],
"datePublic": "2026-06-24T10:45:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) (CWE-918) in the PDF generation endpoint \u003ccode\u003eGET /api/reports/{id}/pdf\u003c/code\u003e (\u003ccode\u003ebackend/main.py\u003c/code\u003e) in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the rendered content in the resulting PDF via a crafted \u003ccode\u003eHost\u003c/code\u003e header, because the target URL is built from \u003ccode\u003erequest.base_url\u003c/code\u003e without validation."
}
],
"value": "Server-Side Request Forgery (SSRF) (CWE-918) in the PDF generation endpoint GET /api/reports/{id}/pdf (backend/main.py) in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the rendered content in the resulting PDF via a crafted Host header, because the target URL is built from request.base_url without validation."
}
],
"impacts": [
{
"capecId": "CAPEC-300",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-300 Port Scanning"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side request forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T10:45:17.553Z",
"orgId": "4daa8cea-433a-44bd-9456-53b127fc289a",
"shortName": "Secur0"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/ccyl13/Pentestify/commit/a058a22b42c6311895622645265df79a60265b1d"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to version 1.1.0 or higher"
}
],
"value": "Upgrade to version 1.1.0 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SSRF in Pentestify PDF generation endpoint via Host header",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "4daa8cea-433a-44bd-9456-53b127fc289a",
"assignerShortName": "Secur0",
"cveId": "CVE-2026-13150",
"datePublished": "2026-06-24T10:45:17.553Z",
"dateReserved": "2026-06-24T10:36:43.095Z",
"dateUpdated": "2026-06-24T11:57:56.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12992 (GCVE-0-2026-12992)
Vulnerability from cvelistv5 – Published: 2026-06-25 21:16 – Updated: 2026-07-15 01:21- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-12992 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2491691 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat build of Apicurio Registry 3 |
cpe:/a:redhat:apicurio_registry:3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12992",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T21:35:41.868366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T21:35:50.805Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:apicurio_registry:3"
],
"defaultStatus": "affected",
"packageName": "apicurio/apicurio-registry-rhel8",
"product": "Red Hat build of Apicurio Registry 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:apicurio_registry:3"
],
"defaultStatus": "affected",
"packageName": "apicurio/apicurio-registry-rhel9",
"product": "Red Hat build of Apicurio Registry 3",
"vendor": "Red Hat"
}
],
"datePublic": "2026-06-10T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import locations, causing the registry to issue HTTP requests to arbitrary internal URLs (server-side request forgery)."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T01:21:58.198Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-12992"
},
{
"name": "RHBZ#2491691",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491691"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12992.json"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-24T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-10T13:00:00.000Z",
"value": "Made public."
}
],
"title": "Apicurio/apicurio-registry: apicurio-registry: SSRF via wsdl4j import dereference in WSDL FULL validation",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:apicurio_registry:3"
],
"defaultStatus": "affected",
"packageName": "apicurio/apicurio-registry-rhel8",
"product": "Red Hat build of Apicurio Registry 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:apicurio_registry:3"
],
"defaultStatus": "affected",
"packageName": "apicurio/apicurio-registry-rhel9",
"product": "Red Hat build of Apicurio Registry 3",
"vendor": "Red Hat"
}
],
"datePublic": "2026-06-10T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import locations, causing the registry to issue HTTP requests to arbitrary internal URLs (server-side request forgery)."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T21:16:11.720Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-12992"
},
{
"name": "RHBZ#2491691",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491691"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-24T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-10T13:00:00.000Z",
"value": "Made public."
}
],
"title": "Apicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validation",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-918: Server-Side Request Forgery (SSRF)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-12992",
"datePublished": "2026-06-25T21:16:11.720Z",
"dateReserved": "2026-06-23T12:14:13.060Z",
"dateUpdated": "2026-07-15T01:21:58.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12986 (GCVE-0-2026-12986)
Vulnerability from cvelistv5 – Published: 2026-06-24 14:08 – Updated: 2026-06-24 14:52 X_Open Source| URL | Tags |
|---|---|
| https://docs.payara.fish/community/docs/Release%2… | release-notes |
| Vendor | Product | Version | |
|---|---|---|---|
| Payara | Payara Server |
Affected:
7.2025.1 , < 7.2026.6
(custom)
Affected: 7.0.0 , < 7.1.0 (semver) Affected: 6.0.0 , < 6.39.0 (semver) Affected: 5.20.0 , < 5.88.0 (semver) Affected: 4.1.144 , < 4.1.2.191.56 (custom) Affected: 5.181 , ≤ 5.201.2 (custom) Affected: 5.2020.1 , ≤ 5.2022.5 (custom) Affected: 6.2023.1 , ≤ 6.2025.11 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-24T14:52:09.838012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T14:52:26.473Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Admin GUI"
],
"packageName": "org.glassfish.main.admingui:console-common",
"platforms": [
"Windows",
"Linux",
"MacOS"
],
"product": "Payara Server",
"repo": "https://github.com/payara/Payara/",
"vendor": "Payara",
"versions": [
{
"lessThan": "7.2026.6",
"status": "affected",
"version": "7.2025.1",
"versionType": "custom"
},
{
"lessThan": "7.1.0",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThan": "6.39.0",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThan": "5.88.0",
"status": "affected",
"version": "5.20.0",
"versionType": "semver"
},
{
"lessThan": "4.1.2.191.56",
"status": "affected",
"version": "4.1.144",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.201.2",
"status": "affected",
"version": "5.181",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.2022.5",
"status": "affected",
"version": "5.2020.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2025.11",
"status": "affected",
"version": "6.2023.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "sujaltuladhar1231@gmail.com"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain.\u003cbr\u003e\u003cbr\u003eA Server-Side Request Forgery (SSRF) vulnerability in the DownloadServlet of the Admin GUI in Payara Server allows a remote attacker to exfiltrate the administrator\u0027s REST session token (gfresttoken) to an attacker-controlled host via a crafted request URL. Combined with the absence of CSRF protection on DownloadServlet, an unauthenticated attacker can trick a logged-in administrator into triggering the token leak, then replay the stolen token to gain full administrative access to the Payara domain, leading to arbitrary code execution via WAR deployment. The vulnerability exists in the\u0026nbsp;\u003ccode\u003eDownloadServlet\u003c/code\u003e\u0026nbsp;and associated\u0026nbsp;\u003ccode\u003eContentSource\u003c/code\u003e\u0026nbsp;implementations (\u003ccode\u003eLogViewerContentSource\u003c/code\u003e,\u0026nbsp;\u003ccode\u003eLogFilesContentSource\u003c/code\u003e,\u0026nbsp;\u003ccode\u003eLBConfigContentSource\u003c/code\u003e,\u0026nbsp;\u003ccode\u003eClientStubsContentSource\u003c/code\u003e) within the\u0026nbsp;\u003ccode\u003eadmingui:console-common\u003c/code\u003e\u0026nbsp;module.\u003cbr\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain.\n\nA Server-Side Request Forgery (SSRF) vulnerability in the DownloadServlet of the Admin GUI in Payara Server allows a remote attacker to exfiltrate the administrator\u0027s REST session token (gfresttoken) to an attacker-controlled host via a crafted request URL. Combined with the absence of CSRF protection on DownloadServlet, an unauthenticated attacker can trick a logged-in administrator into triggering the token leak, then replay the stolen token to gain full administrative access to the Payara domain, leading to arbitrary code execution via WAR deployment. The vulnerability exists in the\u00a0DownloadServlet\u00a0and associated\u00a0ContentSource\u00a0implementations (LogViewerContentSource,\u00a0LogFilesContentSource,\u00a0LBConfigContentSource,\u00a0ClientStubsContentSource) within the\u00a0admingui:console-common\u00a0module."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
},
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
},
{
"capecId": "CAPEC-60",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-60 Reusing Session IDs (aka Session Replay)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/S:P/AU:Y/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site request forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side request forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T14:18:36.828Z",
"orgId": "769c9ae7-73c3-4e47-ae19-903170fc3eb8",
"shortName": "Payara"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%207.2026.6.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"x_open-source"
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "769c9ae7-73c3-4e47-ae19-903170fc3eb8",
"assignerShortName": "Payara",
"cveId": "CVE-2026-12986",
"datePublished": "2026-06-24T14:08:02.332Z",
"dateReserved": "2026-06-23T11:45:33.366Z",
"dateUpdated": "2026-06-24T14:52:26.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12813 (GCVE-0-2026-12813)
Vulnerability from cvelistv5 – Published: 2026-06-21 22:30 – Updated: 2026-06-22 13:24- CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/372607 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/372607/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-12813 | third-party-advisory |
| https://vuldb.com/submit/837553 | third-party-advisory |
| https://github.com/dxz0069/softwareoverflow/blob/… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | activepieces |
Affected:
0.1
Affected: 0.2 Affected: 0.3 Affected: 0.4 Affected: 0.5 Affected: 0.6 Affected: 0.7 Affected: 0.8 Affected: 0.9 Affected: 0.10 Affected: 0.11 Affected: 0.12 Affected: 0.13 Affected: 0.14 Affected: 0.15 Affected: 0.16 Affected: 0.17 Affected: 0.18 Affected: 0.19 Affected: 0.20 Affected: 0.21 Affected: 0.22 Affected: 0.23 Affected: 0.24 Affected: 0.25 Affected: 0.26 Affected: 0.27 Affected: 0.28 Affected: 0.29 Affected: 0.30 Affected: 0.31 Affected: 0.32 Affected: 0.33 Affected: 0.34 Affected: 0.35 Affected: 0.36 Affected: 0.37 Affected: 0.38 Affected: 0.39 Affected: 0.40 Affected: 0.41 Affected: 0.42 Affected: 0.43 Affected: 0.44 Affected: 0.45 Affected: 0.46 Affected: 0.47 Affected: 0.48 Affected: 0.49 Affected: 0.50 Affected: 0.51 Affected: 0.52 Affected: 0.53 Affected: 0.54 Affected: 0.55 Affected: 0.56 Affected: 0.57 Affected: 0.58 Affected: 0.59 Affected: 0.60 Affected: 0.61 Affected: 0.62 Affected: 0.63 Affected: 0.64 Affected: 0.65 Affected: 0.66 Affected: 0.67 Affected: 0.68 Affected: 0.69 Affected: 0.70 Affected: 0.71 Affected: 0.72 Affected: 0.73 Affected: 0.74 Affected: 0.75 Affected: 0.76 Affected: 0.77 Affected: 0.78 Affected: 0.79 Affected: 0.80 Affected: 0.81 Affected: 0.82 Affected: 0.83.0 cpe:2.3:a:activepieces:activepieces:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12813",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T13:24:23.327254Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T13:24:34.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:activepieces:activepieces:*:*:*:*:*:*:*:*"
],
"modules": [
"File URL Handler"
],
"product": "activepieces",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "0.1"
},
{
"status": "affected",
"version": "0.2"
},
{
"status": "affected",
"version": "0.3"
},
{
"status": "affected",
"version": "0.4"
},
{
"status": "affected",
"version": "0.5"
},
{
"status": "affected",
"version": "0.6"
},
{
"status": "affected",
"version": "0.7"
},
{
"status": "affected",
"version": "0.8"
},
{
"status": "affected",
"version": "0.9"
},
{
"status": "affected",
"version": "0.10"
},
{
"status": "affected",
"version": "0.11"
},
{
"status": "affected",
"version": "0.12"
},
{
"status": "affected",
"version": "0.13"
},
{
"status": "affected",
"version": "0.14"
},
{
"status": "affected",
"version": "0.15"
},
{
"status": "affected",
"version": "0.16"
},
{
"status": "affected",
"version": "0.17"
},
{
"status": "affected",
"version": "0.18"
},
{
"status": "affected",
"version": "0.19"
},
{
"status": "affected",
"version": "0.20"
},
{
"status": "affected",
"version": "0.21"
},
{
"status": "affected",
"version": "0.22"
},
{
"status": "affected",
"version": "0.23"
},
{
"status": "affected",
"version": "0.24"
},
{
"status": "affected",
"version": "0.25"
},
{
"status": "affected",
"version": "0.26"
},
{
"status": "affected",
"version": "0.27"
},
{
"status": "affected",
"version": "0.28"
},
{
"status": "affected",
"version": "0.29"
},
{
"status": "affected",
"version": "0.30"
},
{
"status": "affected",
"version": "0.31"
},
{
"status": "affected",
"version": "0.32"
},
{
"status": "affected",
"version": "0.33"
},
{
"status": "affected",
"version": "0.34"
},
{
"status": "affected",
"version": "0.35"
},
{
"status": "affected",
"version": "0.36"
},
{
"status": "affected",
"version": "0.37"
},
{
"status": "affected",
"version": "0.38"
},
{
"status": "affected",
"version": "0.39"
},
{
"status": "affected",
"version": "0.40"
},
{
"status": "affected",
"version": "0.41"
},
{
"status": "affected",
"version": "0.42"
},
{
"status": "affected",
"version": "0.43"
},
{
"status": "affected",
"version": "0.44"
},
{
"status": "affected",
"version": "0.45"
},
{
"status": "affected",
"version": "0.46"
},
{
"status": "affected",
"version": "0.47"
},
{
"status": "affected",
"version": "0.48"
},
{
"status": "affected",
"version": "0.49"
},
{
"status": "affected",
"version": "0.50"
},
{
"status": "affected",
"version": "0.51"
},
{
"status": "affected",
"version": "0.52"
},
{
"status": "affected",
"version": "0.53"
},
{
"status": "affected",
"version": "0.54"
},
{
"status": "affected",
"version": "0.55"
},
{
"status": "affected",
"version": "0.56"
},
{
"status": "affected",
"version": "0.57"
},
{
"status": "affected",
"version": "0.58"
},
{
"status": "affected",
"version": "0.59"
},
{
"status": "affected",
"version": "0.60"
},
{
"status": "affected",
"version": "0.61"
},
{
"status": "affected",
"version": "0.62"
},
{
"status": "affected",
"version": "0.63"
},
{
"status": "affected",
"version": "0.64"
},
{
"status": "affected",
"version": "0.65"
},
{
"status": "affected",
"version": "0.66"
},
{
"status": "affected",
"version": "0.67"
},
{
"status": "affected",
"version": "0.68"
},
{
"status": "affected",
"version": "0.69"
},
{
"status": "affected",
"version": "0.70"
},
{
"status": "affected",
"version": "0.71"
},
{
"status": "affected",
"version": "0.72"
},
{
"status": "affected",
"version": "0.73"
},
{
"status": "affected",
"version": "0.74"
},
{
"status": "affected",
"version": "0.75"
},
{
"status": "affected",
"version": "0.76"
},
{
"status": "affected",
"version": "0.77"
},
{
"status": "affected",
"version": "0.78"
},
{
"status": "affected",
"version": "0.79"
},
{
"status": "affected",
"version": "0.80"
},
{
"status": "affected",
"version": "0.81"
},
{
"status": "affected",
"version": "0.82"
},
{
"status": "affected",
"version": "0.83.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ST4R (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. The manipulation results in server-side request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-21T22:30:09.414Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-372607 | activepieces File URL file.ts handleUrlFile server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/372607"
},
{
"name": "VDB-372607 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/372607/cti"
},
{
"name": "CVE-2026-12813 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-12813"
},
{
"name": "Submit #837553 | activepieces Component: see affected components below 0.83.1 Server-Side Request Forgery (SSRF)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/837553"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/dxz0069/softwareoverflow/blob/main/activepieces_file_property_url_ssrf_vulndb.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-21T08:22:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "activepieces File URL file.ts handleUrlFile server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-12813",
"datePublished": "2026-06-21T22:30:09.414Z",
"dateReserved": "2026-06-21T06:17:14.598Z",
"dateUpdated": "2026-06-22T13:24:34.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12798 (GCVE-0-2026-12798)
Vulnerability from cvelistv5 – Published: 2026-06-21 09:30 – Updated: 2026-06-22 17:14- CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/372560 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/372560/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-12798 | third-party-advisory |
| https://vuldb.com/submit/811290 | third-party-advisory |
| https://gist.github.com/YLChen-007/c1104c52997569… | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12798",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T17:14:11.598867Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T17:14:45.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
],
"modules": [
"MCP OpenAPI Spec Loader"
],
"product": "litellm",
"vendor": "BerriAI",
"versions": [
{
"status": "affected",
"version": "1.82.0"
},
{
"status": "affected",
"version": "1.82.1"
},
{
"status": "affected",
"version": "1.82.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-c (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function load_openapi_spec_async of the file litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py of the component MCP OpenAPI Spec Loader. This manipulation of the argument spec_path causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-21T09:30:08.242Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-372560 | BerriAI litellm MCP OpenAPI Spec Loader openapi_to_mcp_generator.py load_openapi_spec_async server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/372560"
},
{
"name": "VDB-372560 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/372560/cti"
},
{
"name": "CVE-2026-12798 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-12798"
},
{
"name": "Submit #811290 | litellm latest Server-Side Request Forgery (SSRF) (CWE-918)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811290"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/YLChen-007/c1104c529975699ba347feedfbe02c5a"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-20T19:17:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "BerriAI litellm MCP OpenAPI Spec Loader openapi_to_mcp_generator.py load_openapi_spec_async server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-12798",
"datePublished": "2026-06-21T09:30:08.242Z",
"dateReserved": "2026-06-20T17:12:20.743Z",
"dateUpdated": "2026-06-22T17:14:45.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12774 (GCVE-0-2026-12774)
Vulnerability from cvelistv5 – Published: 2026-06-21 03:45 – Updated: 2026-06-22 10:57- CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/372516 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/372516/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-12774 | third-party-advisory |
| https://vuldb.com/submit/811285 | third-party-advisory |
| https://gist.github.com/YLChen-007/256c8ff0750e29… | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12774",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T10:57:26.092177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T10:57:42.425Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
],
"modules": [
"MCP Server Connection Testing"
],
"product": "litellm",
"vendor": "BerriAI",
"versions": [
{
"status": "affected",
"version": "1.82.0"
},
{
"status": "affected",
"version": "1.82.1"
},
{
"status": "affected",
"version": "1.82.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-c (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function _execute_with_mcp_client of the file litellm/proxy/_experimental/mcp_server/rest_endpoints.py of the component MCP Server Connection Testing. The manipulation leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-21T03:45:06.835Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-372516 | BerriAI litellm MCP Server Connection Testing rest_endpoints.py _execute_with_mcp_client server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/372516"
},
{
"name": "VDB-372516 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/372516/cti"
},
{
"name": "CVE-2026-12774 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-12774"
},
{
"name": "Submit #811285 | litellm \u003c= 1.82.2 Server-Side Request Forgery (SSRF) (CWE-918)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811285"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/YLChen-007/256c8ff0750e298f89b6b287c90c2981"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-20T11:31:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "BerriAI litellm MCP Server Connection Testing rest_endpoints.py _execute_with_mcp_client server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-12774",
"datePublished": "2026-06-21T03:45:06.835Z",
"dateReserved": "2026-06-20T09:26:29.098Z",
"dateUpdated": "2026-06-22T10:57:42.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12726 (GCVE-0-2026-12726)
Vulnerability from cvelistv5 – Published: 2026-06-19 18:49 – Updated: 2026-06-22 17:08- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-12726 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2490796 | issue-trackingx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Ansible Automation Platform 2 |
cpe:/a:redhat:ansible_automation_platform:2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12726",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T17:08:33.221112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T17:08:43.067Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform-26/controller-rhel9",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform-27/controller-rhel9",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"packageName": "automation-controller",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Martin Brodeur (FluentLogic) for reporting this issue."
}
],
"datePublic": "2026-06-19T14:40:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the AWX GitHub webhook integration. When processing GitHub pull_request webhooks, the controller stores the pull_request.statuses_url value from the webhook payload without validating that it points to a trusted GitHub API endpoint. If a job template is configured with a GitHub Personal Access Token as its webhook credential, the controller later POSTs that token to the stored callback URL when posting job status updates. An attacker who can submit a correctly signed forged webhook using the job template\u0027s webhook_key can redirect the callback to an attacker-controlled URL and exfiltrate the configured GitHub PAT."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T18:49:55.376Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-12726"
},
{
"name": "RHBZ#2490796",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490796"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-24T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-19T14:40:00.000Z",
"value": "Made public."
}
],
"title": "Awx: automation-controller: awx: github webhook second-order ssrf via unvalidated statuses_url exfiltrates pat credential",
"workarounds": [
{
"lang": "en",
"value": "The following practices may reduce exposure to this flaw until a fix is available:\n1. Restrict network access to controller webhook endpoints so only trusted GitHub egress IPs or an approved reverse proxy can reach them.\n2. Protect job template webhook keys as secrets; restrict Job Template admin access; rotate webhook keys if compromise is suspected.\n3. If commit status callback to GitHub is not required, configure GitHub webhooks without a webhook_credential on the job template (this disables PAT transmission on job completion).\n4. Monitor controller logs and outbound connections for unexpected callback destinations following webhook-triggered jobs."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-918: Server-Side Request Forgery (SSRF)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-12726",
"datePublished": "2026-06-19T18:49:55.376Z",
"dateReserved": "2026-06-19T15:05:52.078Z",
"dateUpdated": "2026-06-22T17:08:43.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12566 (GCVE-0-2026-12566)
Vulnerability from cvelistv5 – Published: 2026-06-17 21:48 – Updated: 2026-06-18 12:50- CWE-918 - Server-Side Request Forgery (SSRF)
| Vendor | Product | Version | |
|---|---|---|---|
| Black Lantern Security | BBOT |
Affected:
2.0.0 , ≤ <=2.8.4
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12566",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-18T12:50:29.407349Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T12:50:35.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BBOT",
"repo": "https://github.com/blacklanternsecurity/bbot",
"vendor": "Black Lantern Security",
"versions": [
{
"lessThanOrEqual": "\u003c=2.8.4",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The docker_pull module uses the realm parameter from a Docker registry\u0027s WWW-Authenticate response header as the authentication endpoint without validation. An attacker in a man-in-the-middle position between bbot and a Docker registry could modify this header to redirect the authentication request to an arbitrary endpoint, potentially leaking authentication tokens."
}
],
"value": "The docker_pull module uses the realm parameter from a Docker registry\u0027s WWW-Authenticate response header as the authentication endpoint without validation. An attacker in a man-in-the-middle position between bbot and a Docker registry could modify this header to redirect the authentication request to an arbitrary endpoint, potentially leaking authentication tokens."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T21:48:57.632Z",
"orgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
"shortName": "BLSOPS"
},
"references": [
{
"url": "https://github.com/blacklanternsecurity/bbot/commit/c2f4bc0f4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SSRF via unvalidated WWW-Authenticate realm in docker_pull module",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
"assignerShortName": "BLSOPS",
"cveId": "CVE-2026-12566",
"datePublished": "2026-06-17T21:48:57.632Z",
"dateReserved": "2026-06-17T21:45:54.435Z",
"dateUpdated": "2026-06-18T12:50:35.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12473 (GCVE-0-2026-12473)
Vulnerability from cvelistv5 – Published: 2026-06-25 20:38 – Updated: 2026-06-26 13:05- CWE-918 - Server-Side request forgery (SSRF)
| Vendor | Product | Version | |
|---|---|---|---|
| Open Health Imaging Foundation (OHIF) | DICOM Web Viewer Framework |
Affected:
0 , ≤ v3.12.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T13:05:47.331920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T13:05:53.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DICOM Web Viewer Framework",
"vendor": "Open Health Imaging Foundation (OHIF)",
"versions": [
{
"lessThanOrEqual": "v3.12.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Simon Weber and Volker Sch\u00f6nefeld of Machine Spirits UG reported this vulnerability to CISA."
}
],
"datePublic": "2026-06-25T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Two data sources (DICOMWebProxy and DICOMJSON) shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user\u0027s OIDC Bearer token into the resulting requests, sending it to the attacker-controlled server. DICOMweb data sources are not impacted."
}
],
"value": "Two data sources (DICOMWebProxy and DICOMJSON) shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user\u0027s OIDC Bearer token into the resulting requests, sending it to the attacker-controlled server. DICOMweb data sources are not impacted."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side request forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T20:38:32.998Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsma-26-176-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-176-02.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The maintainer has fixed the reported vulnerability and released version 3.12.2 (2026-05-18). The fix is located at OHIF/Viewers#5985 (master), OHIF/Viewers#5978 (release/3.12).\u003cbr\u003e\u003cbr\u003eUsers are recommended to upgrade to v3.12.2 or later. Operators who need dicomwebproxy or dicomjson in authenticated deployments must additionally configure the new dangerouslyAllowedOriginsForAuthenticatedEnvironments allowlist in app-config.js.\u0026nbsp;"
}
],
"value": "The maintainer has fixed the reported vulnerability and released version 3.12.2 (2026-05-18). The fix is located at OHIF/Viewers#5985 (master), OHIF/Viewers#5978 (release/3.12).\n\nUsers are recommended to upgrade to v3.12.2 or later. Operators who need dicomwebproxy or dicomjson in authenticated deployments must additionally configure the new dangerouslyAllowedOriginsForAuthenticatedEnvironments allowlist in app-config.js."
}
],
"source": {
"advisory": "ICSMA-26-176-02",
"discovery": "EXTERNAL"
},
"title": "OHIF Viewers DICOM Server-Side request forgery",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users running OHIF with authentication should remove ALL unused DicomWebProxyDataSource and DicomJSONDataSource configurations from the configuration file they are deploying with."
}
],
"value": "Users running OHIF with authentication should remove ALL unused DicomWebProxyDataSource and DicomJSONDataSource configurations from the configuration file they are deploying with."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:\n\u003cbr\u003e\u003cul\u003e\u003cli\u003eMinimize network exposure for all control system devices and/or \nsystems, ensuring they are not accessible from the \ninternet. \u003ca href=\"https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01\"\u003ehttps://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01\u003c/a\u003e\u0026nbsp;\u003c/li\u003e\u003cli\u003eLocate control system networks and remote devices behind firewalls and isolating them from business networks.\n\u003c/li\u003e\u003cli\u003eWhen remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have \nvulnerabilities and should be updated to the most current version \navailable. Also recognize VPN is only as secure as the connected \ndevices.\n\n\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:\n\n * Minimize network exposure for all control system devices and/or \nsystems, ensuring they are not accessible from the \ninternet. https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 \u00a0\n * Locate control system networks and remote devices behind firewalls and isolating them from business networks.\n\n * When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have \nvulnerabilities and should be updated to the most current version \navailable. Also recognize VPN is only as secure as the connected \ndevices."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-12473",
"datePublished": "2026-06-25T20:38:32.998Z",
"dateReserved": "2026-06-16T20:16:53.716Z",
"dateUpdated": "2026-06-26T13:05:53.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12210 (GCVE-0-2026-12210)
Vulnerability from cvelistv5 – Published: 2026-06-15 02:30 – Updated: 2026-06-15 13:19- CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/370852 | vdb-entry |
| https://vuldb.com/vuln/370852/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-12210 | third-party-advisory |
| https://vuldb.com/submit/832542 | third-party-advisory |
| https://github.com/universal-tool-calling-protoco… | issue-tracking |
| https://github.com/gola-leya/cve_submit/issues/1 | exploitissue-tracking |
| https://github.com/universal-tool-calling-protoco… | product |
| Vendor | Product | Version | |
|---|---|---|---|
| universal-tool-calling-protocol | python-utcp |
Affected:
1.1.0
cpe:2.3:a:universal-tool-calling-protocol:python-utcp:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12210",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T13:19:45.321990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T13:19:52.875Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:universal-tool-calling-protocol:python-utcp:*:*:*:*:*:*:*:*"
],
"modules": [
"utcp-gql/utcp-websocket"
],
"product": "python-utcp",
"vendor": "universal-tool-calling-protocol",
"versions": [
{
"status": "affected",
"version": "1.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "gola (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T02:30:10.150Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-370852 | universal-tool-calling-protocol python-utcp utcp-gql/utcp-websocket server-side request forgery",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/370852"
},
{
"name": "VDB-370852 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/370852/cti"
},
{
"name": "CVE-2026-12210 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-12210"
},
{
"name": "Submit #832542 | universal-tool-calling-protocol python-utcp 1.1.0 Improper Input Validation",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/832542"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/universal-tool-calling-protocol/python-utcp/issues/86"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/gola-leya/cve_submit/issues/1"
},
{
"tags": [
"product"
],
"url": "https://github.com/universal-tool-calling-protocol/python-utcp/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-14T14:35:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "universal-tool-calling-protocol python-utcp utcp-gql/utcp-websocket server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-12210",
"datePublished": "2026-06-15T02:30:10.150Z",
"dateReserved": "2026-06-14T12:30:06.444Z",
"dateUpdated": "2026-06-15T13:19:52.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.