CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4628 vulnerabilities reference this CWE, most recent first.
GHSA-V9VV-QFG5-CXFG
Vulnerability from github – Published: 2025-05-29 18:31 – Updated: 2025-05-29 18:31maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings.
{
"affected": [],
"aliases": [
"CVE-2025-45474"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-29T16:15:40Z",
"severity": "HIGH"
},
"details": "maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings.",
"id": "GHSA-v9vv-qfg5-cxfg",
"modified": "2025-05-29T18:31:19Z",
"published": "2025-05-29T18:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45474"
},
{
"type": "WEB",
"url": "https://www.yuque.com/morysummer/vx41bz/ptnnp4eema601rvz"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-VCMF-HJ5V-RWXJ
Vulnerability from github – Published: 2023-02-16 21:30 – Updated: 2023-03-06 18:30Server-side request forgery in the CVAT software maintained by Intel(R) before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access.
{
"affected": [],
"aliases": [
"CVE-2022-27234"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-16T21:15:00Z",
"severity": "MODERATE"
},
"details": "Server-side request forgery in the CVAT software maintained by Intel(R) before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access.",
"id": "GHSA-vcmf-hj5v-rwxj",
"modified": "2023-03-06T18:30:21Z",
"published": "2023-02-16T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27234"
},
{
"type": "WEB",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00762.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VCRJ-9GMF-8P66
Vulnerability from github – Published: 2024-03-28 09:31 – Updated: 2026-04-28 21:34Server-Side Request Forgery (SSRF) vulnerability in NiteoThemes CMP – Coming Soon & Maintenance.This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.10.
{
"affected": [],
"aliases": [
"CVE-2023-50374"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-28T07:15:50Z",
"severity": "MODERATE"
},
"details": "Server-Side Request Forgery (SSRF) vulnerability in NiteoThemes CMP \u2013 Coming Soon \u0026 Maintenance.This issue affects CMP \u2013 Coming Soon \u0026 Maintenance: from n/a through 4.1.10.",
"id": "GHSA-vcrj-9gmf-8p66",
"modified": "2026-04-28T21:34:24Z",
"published": "2024-03-28T09:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50374"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/cmp-coming-soon-maintenance/wordpress-cmp-coming-soon-maintenance-plugin-by-niteothemes-plugin-4-1-10-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VCVG-2MWP-97QF
Vulnerability from github – Published: 2024-04-24 09:30 – Updated: 2026-04-28 21:34Server-Side Request Forgery (SSRF) vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.43.7212.
{
"affected": [],
"aliases": [
"CVE-2024-32955"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-24T07:15:49Z",
"severity": "MODERATE"
},
"details": "Server-Side Request Forgery (SSRF) vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.43.7212.",
"id": "GHSA-vcvg-2mwp-97qf",
"modified": "2026-04-28T21:34:51Z",
"published": "2024-04-24T09:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32955"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/fv-wordpress-flowplayer/wordpress-fv-flowplayer-video-player-plugin-7-5-43-7212-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VCVV-JMJX-JWRV
Vulnerability from github – Published: 2026-01-13 18:31 – Updated: 2026-01-13 18:31A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to proxy internal requests limited to plaintext endpoints only via crafted HTTP requests.
{
"affected": [],
"aliases": [
"CVE-2025-67685"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-13T17:15:58Z",
"severity": "LOW"
},
"details": "A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to proxy internal requests limited to plaintext endpoints only via crafted HTTP requests.",
"id": "GHSA-vcvv-jmjx-jwrv",
"modified": "2026-01-13T18:31:07Z",
"published": "2026-01-13T18:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67685"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-783"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VF62-MR8Q-5X6J
Vulnerability from github – Published: 2026-01-22 18:30 – Updated: 2026-01-27 21:31Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through <= 5.6.
{
"affected": [],
"aliases": [
"CVE-2026-22358"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-22T17:16:31Z",
"severity": "MODERATE"
},
"details": "Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through \u003c= 5.6.",
"id": "GHSA-vf62-mr8q-5x6j",
"modified": "2026-01-27T21:31:43Z",
"published": "2026-01-22T18:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22358"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Theme/electrician/vulnerability/wordpress-electrician-electrical-service-wordpress-theme-5-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VFJ6-275Q-4PVM
Vulnerability from github – Published: 2019-10-25 13:55 – Updated: 2024-09-20 21:42Impact
send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information. Email will be send through SMTP server configured in Graphite, by default it's 'localhost'
Patches
Problem was patched in Graphite-web 1.1.6. Also patches was released for graphite-web 1.0.x and 0.9.x, and we'll discuss releases of non-supported branches later.
Workarounds
You can manually remove function send_email from file webapp/graphite/composer/views.py. This function are not in use and will not affect your Graphite installation.
References
For more information check this graphite-web Github issue #2008
For more information
If you have any questions or comments about this advisory: * Add comment in issue #2008
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "graphite-web"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-18638"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-03T23:34:36Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Impact\nsend_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information. Email will be send through SMTP server configured in Graphite, by default it\u0027s \u0027localhost\u0027\n\n### Patches\nProblem was patched in Graphite-web 1.1.6. Also patches was released for graphite-web [1.0.x](https://github.com/graphite-project/graphite-web/pull/2501) and [0.9.x](https://github.com/graphite-project/graphite-web/pull/2500), and we\u0027ll discuss releases of non-supported branches later.\n\n### Workarounds\nYou can manually remove function `send_email` from file `webapp/graphite/composer/views.py`. This function are not in use and will not affect your Graphite installation.\n\n### References\nFor more information check this graphite-web Github issue #2008 \n\n### For more information\nIf you have any questions or comments about this advisory:\n* Add comment in [issue #2008](https://github.com/graphite-project/graphite-web/issues/2008)",
"id": "GHSA-vfj6-275q-4pvm",
"modified": "2024-09-20T21:42:27Z",
"published": "2019-10-25T13:55:20Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/graphite-project/graphite-web/security/advisories/GHSA-vfj6-275q-4pvm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18638"
},
{
"type": "WEB",
"url": "https://github.com/graphite-project/graphite-web/issues/2008"
},
{
"type": "WEB",
"url": "https://github.com/graphite-project/graphite-web/pull/2499"
},
{
"type": "WEB",
"url": "https://github.com/graphite-project/graphite-web/commit/71726a0e41a5263f49b973a7b856505a5b931c1f"
},
{
"type": "WEB",
"url": "https://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html#second-bug-internal-graphite-ssrf"
},
{
"type": "PACKAGE",
"url": "https://github.com/graphite-project/graphite-web"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/graphite-web/PYSEC-2019-151.yaml"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00030.html"
},
{
"type": "WEB",
"url": "https://www.youtube.com/watch?v=ds4Gp4xoaeA"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "graphite.composer.views.send_email vulnerable to SSRF"
}
GHSA-VFX9-PMH4-CQPQ
Vulnerability from github – Published: 2026-05-26 18:31 – Updated: 2026-05-26 18:31A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens.
For successful exploitation, an administrator must initially establish an insecure configuration of the API proxy.
{
"affected": [],
"aliases": [
"CVE-2026-2264"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-26T17:16:30Z",
"severity": "CRITICAL"
},
"details": "A vulnerability in the Google Cloud Apigee\u00a0SetIntegrationRequest\u00a0policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens.\n\nFor successful exploitation, an administrator must initially establish an insecure configuration of the API proxy.",
"id": "GHSA-vfx9-pmh4-cqpq",
"modified": "2026-05-26T18:31:45Z",
"published": "2026-05-26T18:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2264"
},
{
"type": "WEB",
"url": "https://docs.cloud.google.com/apigee/docs/security-bulletins/security-bulletins#gcp-2026-034"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-VG48-J87H-HC85
Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network.
{
"affected": [],
"aliases": [
"CVE-2026-26121"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-10T18:18:41Z",
"severity": "HIGH"
},
"details": "Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network.",
"id": "GHSA-vg48-j87h-hc85",
"modified": "2026-03-10T18:31:21Z",
"published": "2026-03-10T18:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26121"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26121"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VG9F-Q4XH-62R4
Vulnerability from github – Published: 2026-06-15 03:30 – Updated: 2026-06-15 03:30A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2026-12210"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-15T03:16:24Z",
"severity": "LOW"
},
"details": "A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-vg9f-q4xh-62r4",
"modified": "2026-06-15T03:30:32Z",
"published": "2026-06-15T03:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12210"
},
{
"type": "WEB",
"url": "https://github.com/gola-leya/cve_submit/issues/1"
},
{
"type": "WEB",
"url": "https://github.com/universal-tool-calling-protocol/python-utcp/issues/86"
},
{
"type": "WEB",
"url": "https://github.com/universal-tool-calling-protocol/python-utcp"
},
{
"type": "WEB",
"url": "https://vuldb.com/cve/CVE-2026-12210"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/832542"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/370852"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/370852/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.