CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
CVE-2026-27696 (GCVE-0-2026-27696)
Vulnerability from cvelistv5 – Published: 2026-02-25 04:16 – Updated: 2026-02-25 14:51 – CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/dgtlmoon/changedetection.io/se… | x_refsource_CONFIRM |
| https://github.com/dgtlmoon/changedetection.io/co… | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| dgtlmoon | changedetection.io | Affected: < 0.54.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27696",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T14:51:00.509715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T14:51:16.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-3c45-4pj5-ch7m"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "changedetection.io",
"vendor": "dgtlmoon",
"versions": [
{
"status": "affected",
"version": "\u003c 0.54.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery (SSRF) because the URL validation function `is_safe_valid_url()` does not validate the resolved IP address of watch URLs against private, loopback, or link-local address ranges. An authenticated user (or any user when no password is configured, which is the default) can add a watch for internal network URLs. The application fetches these URLs server-side, stores the response content, and makes it viewable through the web UI \u2014 enabling full data exfiltration from internal services. Version 0.54.1 contains a fix for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T04:16:22.764Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-3c45-4pj5-ch7m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-3c45-4pj5-ch7m"
},
{
"name": "https://github.com/dgtlmoon/changedetection.io/commit/fe7aa38c651d73fe5f41ce09855fa8f97193747b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dgtlmoon/changedetection.io/commit/fe7aa38c651d73fe5f41ce09855fa8f97193747b"
}
],
"source": {
"advisory": "GHSA-3c45-4pj5-ch7m",
"discovery": "UNKNOWN"
},
"title": "changedetection.io Vulnerable to Server-Side Request Forgery (SSRF) via Watch URLs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27696",
"datePublished": "2026-02-25T04:16:22.764Z",
"dateReserved": "2026-02-23T17:56:51.202Z",
"dateUpdated": "2026-02-25T14:51:16.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27706 (GCVE-0-2026-27706)
Vulnerability from cvelistv5 – Published: 2026-02-25 15:56 – Updated: 2026-02-25 20:13 – CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/makeplane/plane/security/advis… | x_refsource_CONFIRM |
| https://github.com/makeplane/plane/releases/tag/v1.2.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27706",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T20:12:47.055590Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T20:13:05.310Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "plane",
"vendor": "makeplane",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Plane is an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery (SSRF) vulnerability has been identified in the \"Add Link\" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the internal network and exfiltrate the full response body. By exploiting this vulnerability, an attacker can steal sensitive data from internal services and cloud metadata endpoints. Version 1.2.2 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T15:56:11.220Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/makeplane/plane/security/advisories/GHSA-jcc6-f9v6-f7jw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/makeplane/plane/security/advisories/GHSA-jcc6-f9v6-f7jw"
},
{
"name": "https://github.com/makeplane/plane/releases/tag/v1.2.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/makeplane/plane/releases/tag/v1.2.2"
}
],
"source": {
"advisory": "GHSA-jcc6-f9v6-f7jw",
"discovery": "UNKNOWN"
},
"title": "Plane Vulnerable to Full Read SSRF via Favicon Fetching in \"Add Link\" Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27706",
"datePublished": "2026-02-25T15:56:11.220Z",
"dateReserved": "2026-02-23T17:56:51.202Z",
"dateUpdated": "2026-02-25T20:13:05.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27730 (GCVE-0-2026-27730)
Vulnerability from cvelistv5 – Published: 2026-02-25 15:37 – Updated: 2026-02-25 20:32 – CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/esm-dev/esm.sh/security/adviso… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27730",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T20:31:47.872081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T20:32:05.079Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "esm.sh",
"vendor": "esm-dev",
"versions": [
{
"status": "affected",
"version": "\u003c= 137"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "esm.sh is a no-build content delivery network (CDN) for web development. Versions up to and including 137 have an SSRF vulnerability (CWE-918) in esm.sh\u2019s `/http(s)` fetch route. The service tries to block localhost/internal targets, but the validation is based on hostname string checks and can be bypassed using DNS alias domains. This allows an external requester to make the esm.sh server fetch internal localhost services. As of time of publication, no known patched versions exist."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T15:37:01.753Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/esm-dev/esm.sh/security/advisories/GHSA-p2v6-84h2-5x4r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/esm-dev/esm.sh/security/advisories/GHSA-p2v6-84h2-5x4r"
}
],
"source": {
"advisory": "GHSA-p2v6-84h2-5x4r",
"discovery": "UNKNOWN"
},
"title": "esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27730",
"datePublished": "2026-02-25T15:37:01.753Z",
"dateReserved": "2026-02-23T18:37:14.789Z",
"dateUpdated": "2026-02-25T20:32:05.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27732 (GCVE-0-2026-27732)
Vulnerability from cvelistv5 – Published: 2026-02-24 14:56 – Updated: 2026-02-27 20:49 – CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/WWBN/AVideo/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/WWBN/AVideo/commit/384ef254809… | x_refsource_MISC |
| https://github.com/WWBN/AVideo/releases/tag/22.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27732",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-27T20:49:30.753817Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T20:49:38.424Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AVideo",
"vendor": "WWBN",
"versions": [
{
"status": "affected",
"version": "\u003c 22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WWBN AVideo is an open source video platform. Prior to version 22.0, the `aVideoEncoder.json.php` API endpoint accepts a `downloadURL` parameter and fetches the referenced resource server-side without proper validation or an allow-list. This allows authenticated users to trigger server-side requests to arbitrary URLs (including internal network endpoints). An authenticated attacker can leverage SSRF to interact with internal services and retrieve sensitive data (e.g., internal APIs, metadata services), potentially leading to further compromise depending on the deployment environment. This issue has been fixed in AVideo version 22.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T14:56:55.372Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/WWBN/AVideo/security/advisories/GHSA-h39h-7cvg-q7j6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-h39h-7cvg-q7j6"
},
{
"name": "https://github.com/WWBN/AVideo/commit/384ef2548093f4cbb1bfac00f1f429fe57fab853",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WWBN/AVideo/commit/384ef2548093f4cbb1bfac00f1f429fe57fab853"
},
{
"name": "https://github.com/WWBN/AVideo/releases/tag/22.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WWBN/AVideo/releases/tag/22.0"
}
],
"source": {
"advisory": "GHSA-h39h-7cvg-q7j6",
"discovery": "UNKNOWN"
},
"title": "AVideo has Authenticated Server-Side Request Forgery via downloadURL in aVideoEncoder.json.php"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27732",
"datePublished": "2026-02-24T14:56:55.372Z",
"dateReserved": "2026-02-23T18:37:14.789Z",
"dateUpdated": "2026-02-27T20:49:38.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27739 (GCVE-0-2026-27739)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:47 – Updated: 2026-02-27 17:59 – CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/angular/angular-cli/security/a… | x_refsource_CONFIRM |
| https://github.com/angular/angular-cli/pull/32516 | x_refsource_MISC |
| https://angular.dev/best-practices/security#preve… | x_refsource_MISC |
| https://developer.mozilla.org/en-US/docs/Web/Secu… | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| angular | angular-cli | Affected: >= 21.2.0-next.2, < 21.2.0-rc.0; >= 21.0.0-next.0, < 21.1.5; >= 20.0.0-next.0, < 20.3.17; < 19.2.21 |
| angular | @nguniversal/common | Affected: <= 16.2.0 |
| angular | @nguniversal/express-engine | Affected: <= 16.2.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-27T17:59:01.966307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T17:59:11.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "angular-cli",
"vendor": "angular",
"versions": [
{
"status": "affected",
"version": "\u003e= 21.2.0-next.2, \u003c 21.2.0-rc.0"
},
{
"status": "affected",
"version": "\u003e= 21.0.0-next.0, \u003c 21.1.5"
},
{
"status": "affected",
"version": "\u003e= 20.0.0-next.0, \u003c 20.3.17"
},
{
"status": "affected",
"version": "\u003c 19.2.21"
}
]
},
{
"product": "@nguniversal/common",
"vendor": "angular",
"versions": [
{
"status": "affected",
"version": "\u003c= 16.2.0"
}
]
},
{
"product": "@nguniversal/express-engine",
"vendor": "angular",
"versions": [
{
"status": "affected",
"version": "\u003c= 16.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Angular SSR is a server-side rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery (SSRF) vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because Angular\u2019s internal URL reconstruction logic directly trusts and consumes user-controlled HTTP headers, specifically the Host and `X-Forwarded-*` family, to determine the application\u0027s base origin without any validation of the destination domain. Specifically, the framework didn\u0027t have checks for the host domain, path and character sanitization, and port validation. This vulnerability manifests in two primary ways: implicit relative URL resolution and explicit manual construction. When successfully exploited, this vulnerability allows for arbitrary internal request steering. This can lead to credential exfiltration, internal network probing, and a confidentiality breach. In order to be vulnerable, the victim application must use Angular SSR (Server-Side Rendering), the application must perform `HttpClient` requests using relative URLs OR manually construct URLs using the unvalidated `Host` / `X-Forwarded-*` headers using the `REQUEST` object, the application server must be reachable by an attacker who can influence these headers without strict validation from a front-facing proxy, and the infrastructure (Cloud, CDN, or Load Balancer) must not sanitize or validate incoming headers. Versions 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 contain a patch. Some workarounds are available. Avoid using `req.headers` for URL construction. Instead, use trusted variables for base API paths. Those who cannot upgrade immediately should implement a middleware in their `server.ts` to enforce numeric ports and validated hostnames."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:47:29.705Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/angular/angular-cli/security/advisories/GHSA-x288-3778-4hhx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/angular/angular-cli/security/advisories/GHSA-x288-3778-4hhx"
},
{
"name": "https://github.com/angular/angular-cli/pull/32516",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular-cli/pull/32516"
},
{
"name": "https://angular.dev/best-practices/security#preventing-server-side-request-forgery-ssrf",
"tags": [
"x_refsource_MISC"
],
"url": "https://angular.dev/best-practices/security#preventing-server-side-request-forgery-ssrf"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/SSRF",
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/SSRF"
}
],
"source": {
"advisory": "GHSA-x288-3778-4hhx",
"discovery": "UNKNOWN"
},
"title": "Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27739",
"datePublished": "2026-02-25T16:47:29.705Z",
"dateReserved": "2026-02-23T18:37:14.790Z",
"dateUpdated": "2026-02-27T17:59:11.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27759 (GCVE-0-2026-27759)
Vulnerability from cvelistv5 – Published: 2026-02-27 22:17 – Updated: 2026-05-11 23:11 – CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/featured-image-from… | productpatch |
| https://www.vulncheck.com/advisories/featured-ima… | third-party-advisory |
| Vendor | Product | Version |
|---|---|---|
| Dhrumil Kumbhani | Featured Image from Content | Affected: 0, < 1.7 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T15:14:28.988871Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T15:17:44.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Featured Image from Content",
"vendor": "Dhrumil Kumbhani",
"versions": [
{
"lessThan": "1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "4lec4st"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFeatured Image from Content\u003c/span\u003e (featured-image-from-content) WordPress plugin versions prior to 1.7 contain\u0026nbsp;an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers can exploit insecure URL fetching and file write operations to retrieve sensitive internal data and store it in web-accessible upload directories."
}
],
"value": "Featured Image from Content (featured-image-from-content) WordPress plugin versions prior to 1.7 contain\u00a0an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers can exploit insecure URL fetching and file write operations to retrieve sensitive internal data and store it in web-accessible upload directories."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T23:11:29.923Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"product",
"patch"
],
"url": "https://wordpress.org/plugins/featured-image-from-content/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/featured-image-from-content-authenticated-ssrf-via-save-post"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Featured Image from Content \u003c 1.7 Authenticated SSRF via save_post",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-27759",
"datePublished": "2026-02-27T22:17:11.669Z",
"dateReserved": "2026-02-23T21:38:48.842Z",
"dateUpdated": "2026-05-11T23:11:29.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27795 (GCVE-0-2026-27795)
Vulnerability from cvelistv5 – Published: 2026-02-25 17:30 – Updated: 2026-02-25 18:42 – CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/langchain-ai/langchainjs/secur… | x_refsource_CONFIRM |
| https://github.com/langchain-ai/langchainjs/secur… | x_refsource_MISC |
| https://github.com/langchain-ai/langchainjs/pull/9990 | x_refsource_MISC |
| https://github.com/langchain-ai/langchainjs/commi… | x_refsource_MISC |
| https://github.com/langchain-ai/langchainjs/commi… | x_refsource_MISC |
| https://github.com/langchain-ai/langchainjs/relea… | x_refsource_MISC |
| https://github.com/langchain-ai/langchainjs/relea… | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| langchain-ai | langchainjs | Affected: < 1.1.18 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T18:42:34.609541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T18:42:52.277Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "langchainjs",
"vendor": "langchain-ai",
"versions": [
{
"status": "affected",
"version": "\u003c 1.1.18"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in `RecursiveUrlLoader` in `@langchain/community`. The loader validates the initial URL but allows the underlying fetch to follow redirects automatically, which permits a transition from a safe public URL to an internal or metadata endpoint without revalidation. This is a bypass of the SSRF protections introduced in 1.1.14 (CVE-2026-26019). Users should upgrade to `@langchain/community` 1.1.18, which validates every redirect hop by disabling automatic redirects and re-validating `Location` targets before following them. In this version, automatic redirects are disabled (`redirect: \"manual\"`), each 3xx `Location` is resolved and validated with `validateSafeUrl()` before the next request, and a maximum redirect limit prevents infinite loops."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T17:30:01.106Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-mphv-75cg-56wg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-mphv-75cg-56wg"
},
{
"name": "https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-gf3v-fwqg-4vh7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-gf3v-fwqg-4vh7"
},
{
"name": "https://github.com/langchain-ai/langchainjs/pull/9990",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/langchain-ai/langchainjs/pull/9990"
},
{
"name": "https://github.com/langchain-ai/langchainjs/commit/2812d2b2b9fd9343c4850e2ab906b8cf440975ee",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/langchain-ai/langchainjs/commit/2812d2b2b9fd9343c4850e2ab906b8cf440975ee"
},
{
"name": "https://github.com/langchain-ai/langchainjs/commit/d5e3db0d01ab321ec70a875805b2f74aefdadf9d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/langchain-ai/langchainjs/commit/d5e3db0d01ab321ec70a875805b2f74aefdadf9d"
},
{
"name": "https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunity%401.1.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunity%401.1.14"
},
{
"name": "https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunity%401.1.18",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcommunity%401.1.18"
}
],
"source": {
"advisory": "GHSA-mphv-75cg-56wg",
"discovery": "UNKNOWN"
},
"title": "LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27795",
"datePublished": "2026-02-25T17:30:01.106Z",
"dateReserved": "2026-02-24T02:31:33.265Z",
"dateUpdated": "2026-02-25T18:42:52.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27797 (GCVE-0-2026-27797)
Vulnerability from cvelistv5 – Published: 2026-03-07 05:54 – Updated: 2026-03-09 20:44 – CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/homarr-labs/homarr/security/ad… | x_refsource_CONFIRM |
| https://github.com/homarr-labs/homarr/commit/fce9… | x_refsource_MISC |
| https://github.com/homarr-labs/homarr/releases/ta… | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| homarr-labs | homarr | Affected: < 1.54.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27797",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T20:40:40.381666Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T20:44:25.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "homarr",
"vendor": "homarr-labs",
"versions": [
{
"status": "affected",
"version": "\u003c 1.54.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Homarr is an open-source dashboard. Prior to version 1.54.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows a remote attacker to force the Homarr server to perform arbitrary outbound HTTP requests. This can be used as an internal network access primitive (e.g., reaching loopback/private ranges) from the Homarr host/container network context. This issue has been patched in version 1.54.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-07T05:54:32.223Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/homarr-labs/homarr/security/advisories/GHSA-vwqf-2f4m-2cq2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/homarr-labs/homarr/security/advisories/GHSA-vwqf-2f4m-2cq2"
},
{
"name": "https://github.com/homarr-labs/homarr/commit/fce970c70653f200ff1c73081139a77f0379bd91",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/homarr-labs/homarr/commit/fce970c70653f200ff1c73081139a77f0379bd91"
},
{
"name": "https://github.com/homarr-labs/homarr/releases/tag/v1.54.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/homarr-labs/homarr/releases/tag/v1.54.0"
}
],
"source": {
"advisory": "GHSA-vwqf-2f4m-2cq2",
"discovery": "UNKNOWN"
},
"title": "Homarr: Unauthenticated SSRF in rssFeed.ts"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27797",
"datePublished": "2026-03-07T05:54:32.223Z",
"dateReserved": "2026-02-24T02:31:33.266Z",
"dateUpdated": "2026-03-09T20:44:25.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27808 (GCVE-0-2026-27808)
Vulnerability from cvelistv5 – Published: 2026-02-25 23:51 – Updated: 2026-02-26 15:47 – CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/axllent/mailpit/security/advis… | x_refsource_CONFIRM |
| https://github.com/axllent/mailpit/commit/10ad4df… | x_refsource_MISC |
| https://github.com/axllent/mailpit/releases/tag/v1.29.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27808",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T15:47:50.457289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:47:56.826Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/axllent/mailpit/security/advisories/GHSA-mpf7-p9x7-96r3"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mailpit",
"vendor": "axllent",
"versions": [
{
"status": "affected",
"version": "\u003c 1.29.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API (/api/v1/message/{ID}/link-check) is vulnerable to Server-Side Request Forgery (SSRF). The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering private/internal IP addresses. The response returns status codes and status text per link, making this a non-blind SSRF. In the default configuration (no authentication on SMTP or API), this is fully exploitable remotely with zero user interaction. This is the same class of vulnerability that was fixed in the HTML Check API (CVE-2026-23845 / GHSA-6jxm-fv7w-rw5j) and the screenshot proxy (CVE-2026-21859 / GHSA-8v65-47jx-7mfr), but the Link Check code path was not included in either fix. Version 1.29.2 fixes this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T23:51:20.365Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axllent/mailpit/security/advisories/GHSA-mpf7-p9x7-96r3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axllent/mailpit/security/advisories/GHSA-mpf7-p9x7-96r3"
},
{
"name": "https://github.com/axllent/mailpit/commit/10ad4df8cc0cd9e51dea1b4410009545eef7fbf5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axllent/mailpit/commit/10ad4df8cc0cd9e51dea1b4410009545eef7fbf5"
},
{
"name": "https://github.com/axllent/mailpit/releases/tag/v1.29.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axllent/mailpit/releases/tag/v1.29.2"
}
],
"source": {
"advisory": "GHSA-mpf7-p9x7-96r3",
"discovery": "UNKNOWN"
},
"title": "Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27808",
"datePublished": "2026-02-25T23:51:20.365Z",
"dateReserved": "2026-02-24T02:31:33.267Z",
"dateUpdated": "2026-02-26T15:47:56.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27818 (GCVE-0-2026-27818)
Vulnerability from cvelistv5 – Published: 2026-02-26 00:02 – Updated: 2026-02-26 15:16
| URL | Tags |
|---|---|
| https://github.com/TerriaJS/terriajs-server/secur… | x_refsource_CONFIRM |
| https://github.com/TerriaJS/terriajs-server/commi… | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| TerriaJS | terriajs-server | Affected: < 4.0.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27818",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T15:16:18.815543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:16:30.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "terriajs-server",
"vendor": "TerriaJS",
"versions": [
{
"status": "affected",
"version": "\u003c 4.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not explicitly allowed in the `proxyableDomains` configuration. Version 4.0.3 fixes the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T00:02:45.127Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TerriaJS/terriajs-server/security/advisories/GHSA-w789-49fc-v8hr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TerriaJS/terriajs-server/security/advisories/GHSA-w789-49fc-v8hr"
},
{
"name": "https://github.com/TerriaJS/terriajs-server/commit/3aaa5d9717162b245ae4569232bbe7d8673c913f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TerriaJS/terriajs-server/commit/3aaa5d9717162b245ae4569232bbe7d8673c913f"
}
],
"source": {
"advisory": "GHSA-w789-49fc-v8hr",
"discovery": "UNKNOWN"
},
"title": "TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27818",
"datePublished": "2026-02-26T00:02:45.127Z",
"dateReserved": "2026-02-24T02:32:39.799Z",
"dateUpdated": "2026-02-26T15:16:30.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.