CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4658 vulnerabilities reference this CWE, most recent first.
GHSA-5W55-FGG7-M5GX
Vulnerability from github – Published: 2025-09-08 06:30 – Updated: 2025-09-08 21:30The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.
{
"affected": [],
"aliases": [
"CVE-2025-8085"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-08T06:15:34Z",
"severity": "HIGH"
},
"details": "The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.",
"id": "GHSA-5w55-fgg7-m5gx",
"modified": "2025-09-08T21:30:59Z",
"published": "2025-09-08T06:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8085"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/f42c37bb-1ae0-49ab-bd81-7864dff0fcff"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5W5H-C32Q-R6W9
Vulnerability from github – Published: 2026-05-11 18:31 – Updated: 2026-05-11 18:31OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing to private-network or metadata endpoints that bypass security policies and are later probed during normal profile status operations.
{
"affected": [],
"aliases": [
"CVE-2026-45000"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-11T18:16:40Z",
"severity": "LOW"
},
"details": "OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing to private-network or metadata endpoints that bypass security policies and are later probed during normal profile status operations.",
"id": "GHSA-5w5h-c32q-r6w9",
"modified": "2026-05-11T18:31:47Z",
"published": "2026-05-11T18:31:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j4c5-89f5-f3pm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45000"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/1fd049e3074cac72f6734a7fe88468c84f5f8bd7"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/e90c89cf8b1459f2aa1f3a665be67392b6c03fdf"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-browser-cdp-profile-creation"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5WJ3-M77Q-J278
Vulnerability from github – Published: 2026-07-08 18:31 – Updated: 2026-07-08 18:31repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers to access private network addresses, GCP metadata services, or local filesystem paths.
{
"affected": [],
"aliases": [
"CVE-2026-59702"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-08T16:16:31Z",
"severity": "CRITICAL"
},
"details": "repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers to access private network addresses, GCP metadata services, or local filesystem paths.",
"id": "GHSA-5wj3-m77q-j278",
"modified": "2026-07-08T18:31:36Z",
"published": "2026-07-08T18:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59702"
},
{
"type": "WEB",
"url": "https://github.com/yamadashy/repomix/issues/1703"
},
{
"type": "WEB",
"url": "https://github.com/CrazyForks/repomix/commit/c748b524f41225e7fc6f89ad0084520901a453cf"
},
{
"type": "WEB",
"url": "https://github.com/yamadashy/repomix"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/repomix-server-side-request-forgery-via-unvalidated-repository-urls-in-post-api-pack"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5WW6-XVHM-X8Q3
Vulnerability from github – Published: 2024-06-30 18:30 – Updated: 2024-06-30 18:30IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 275774.
{
"affected": [],
"aliases": [
"CVE-2023-50952"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-30T18:15:02Z",
"severity": "MODERATE"
},
"details": "IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 275774.",
"id": "GHSA-5ww6-xvhm-x8q3",
"modified": "2024-06-30T18:30:38Z",
"published": "2024-06-30T18:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50952"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275774"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7158437"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5X44-6VJC-WRHM
Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2022-05-24 17:39In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface.
{
"affected": [],
"aliases": [
"CVE-2020-24641"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-15T19:15:00Z",
"severity": "HIGH"
},
"details": "In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface.",
"id": "GHSA-5x44-6vjc-wrhm",
"modified": "2022-05-24T17:39:16Z",
"published": "2022-05-24T17:39:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24641"
},
{
"type": "WEB",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-001.txt"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-5XCH-82FP-5J4W
Vulnerability from github – Published: 2025-12-01 21:30 – Updated: 2025-12-02 21:31PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController.
{
"affected": [],
"aliases": [
"CVE-2025-65836"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-01T20:15:57Z",
"severity": "CRITICAL"
},
"details": "PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController.",
"id": "GHSA-5xch-82fp-5j4w",
"modified": "2025-12-02T21:31:27Z",
"published": "2025-12-01T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65836"
},
{
"type": "WEB",
"url": "https://github.com/sanluan/PublicCMS/issues/99"
},
{
"type": "WEB",
"url": "https://github.com/Hyperkopite/PublicCMS_Vulns/blob/main/SSRF_1.md"
},
{
"type": "WEB",
"url": "https://github.com/sanluan/PublicCMS"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5XHR-994V-5G9P
Vulnerability from github – Published: 2025-04-28 18:30 – Updated: 2025-04-28 18:30DevExpress before 23.1.3 allows AsyncDownloader SSRF.
{
"affected": [],
"aliases": [
"CVE-2023-35817"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-28T16:15:26Z",
"severity": "MODERATE"
},
"details": "DevExpress before 23.1.3 allows AsyncDownloader SSRF.",
"id": "GHSA-5xhr-994v-5g9p",
"modified": "2025-04-28T18:30:57Z",
"published": "2025-04-28T18:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35817"
},
{
"type": "WEB",
"url": "https://code-white.com/public-vulnerability-list"
},
{
"type": "WEB",
"url": "https://supportcenter.devexpress.com/ticket/details/t1157209/server-side-request-forgery-via-asyncdownloader"
},
{
"type": "WEB",
"url": "https://supportcenter.devexpress.com/ticket/details/t1161404/report-and-dashboard-server-improper-default-configuration-can-lead-to-ssrf-attacks"
},
{
"type": "WEB",
"url": "https://supportcenter.devexpress.com/ticket/details/t1162045/reporting-bi-dashboard-office-file-api-web-app-configuration-to-help-prevent-ssrf-attacks"
},
{
"type": "WEB",
"url": "https://supportcenter.devexpress.com/ticket/details/t394936/devexpress-security-advisory-updated-on-april-27-2023"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5XJP-M73Q-2884
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacker are supposed not to do.
{
"affected": [],
"aliases": [
"CVE-2021-37104"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-28T15:15:00Z",
"severity": "HIGH"
},
"details": "There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacker are supposed not to do.",
"id": "GHSA-5xjp-m73q-2884",
"modified": "2022-05-24T19:15:59Z",
"published": "2022-05-24T19:15:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37104"
},
{
"type": "WEB",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210922-01-ssrf-en"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-5XM8-3P95-WHJ7
Vulnerability from github – Published: 2025-12-31 18:30 – Updated: 2026-04-01 18:36Server-Side Request Forgery (SSRF) vulnerability in extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site allows Server Side Request Forgery.This issue affects WordPress & WooCommerce Scraper Plugin, Import Data from Any Site: from n/a through 1.0.7.
{
"affected": [],
"aliases": [
"CVE-2025-62088"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-31T17:15:45Z",
"severity": "MODERATE"
},
"details": "Server-Side Request Forgery (SSRF) vulnerability in extendons WordPress \u0026 WooCommerce Scraper Plugin, Import Data from Any Site allows Server Side Request Forgery.This issue affects WordPress \u0026 WooCommerce Scraper Plugin, Import Data from Any Site: from n/a through 1.0.7.",
"id": "GHSA-5xm8-3p95-whj7",
"modified": "2026-04-01T18:36:29Z",
"published": "2025-12-31T18:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62088"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/wp_scraper/vulnerability/wordpress-wordpress-woocommerce-scraper-plugin-import-data-from-any-site-plugin-1-0-7-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/wordpress/plugin/wp_scraper/vulnerability/wordpress-wordpress-woocommerce-scraper-plugin-import-data-from-any-site-plugin-1-0-7-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5XX3-J724-WMX5
Vulnerability from github – Published: 2026-06-03 00:30 – Updated: 2026-07-10 17:15A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read_file. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The name of the patch is 53699bebba9950047bca16ac4dc8f0568f596aaa. It is best practice to apply a patch to resolve this issue.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@wonderwhy-er/desktop-commander"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.2.37"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-10690"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-10T17:15:09Z",
"nvd_published_at": "2026-06-03T00:16:30Z",
"severity": "LOW"
},
"details": "A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read_file. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The name of the patch is 53699bebba9950047bca16ac4dc8f0568f596aaa. It is best practice to apply a patch to resolve this issue.",
"id": "GHSA-5xx3-j724-wmx5",
"modified": "2026-07-10T17:15:46Z",
"published": "2026-06-03T00:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10690"
},
{
"type": "WEB",
"url": "https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/410"
},
{
"type": "WEB",
"url": "https://github.com/sorlen008/DesktopCommanderMCP/commit/53699bebba9950047bca16ac4dc8f0568f596aaa"
},
{
"type": "PACKAGE",
"url": "https://github.com/wonderwhy-er/DesktopCommanderMCP"
},
{
"type": "WEB",
"url": "https://vuldb.com/cve/CVE-2026-10690"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/830735"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/367959"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/367959/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "DesktopCommanderMCP is vulnerable to SSRF"
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.