Server-Side Request Forgery

Blind server-side request forgery in M-Files Server before version 26.3 allows unauthenticated remote attackers to force the server to send HTTP GET requests to arbitrary URLs through legacy connection methods in document co-authoring features. This vulnerability enables attackers to probe internal networks, access internal services, or trigger downstream attacks without requiring authentication, with a CVSS score of 6.9 reflecting moderate real-world impact.

Server-side request forgery in AutohomeCorp frostmourne up to version 1.0 allows authenticated remote attackers to manipulate the Alarm Preview component via an unknown function in AlarmController.java, enabling arbitrary HTTP requests from the vulnerable server with potential to access internal resources, leak sensitive data, or interact with backend systems. Publicly available exploit code exists; CVSS 6.3 reflects moderate severity with low attack complexity and limited impact scope.

Server-Side Request Forgery (SSRF) in FastMCP's OpenAPIProvider allows authenticated attackers to access arbitrary backend endpoints through path traversal injection in OpenAPI path parameters. The vulnerability arises from improper URL encoding in the RequestDirector._build_url() method, enabling attackers to escape intended API prefixes using '../' sequences and reach internal administrative or sensitive endpoints while inheriting the MCP provider's authentication context. This affects the fastmcp Python package and enables privilege escalation beyond the OpenAPI specification's intended API surface. No public exploit identified at time of analysis, though detailed proof-of-concept code exists in the GitHub advisory demonstrating traversal to /admin endpoints.

FreeScout prior to version 1.8.211 fails to validate Server-Side Request Forgery (SSRF) protections due to a flawed IP range check in checkIpByMask() that only accepts CIDR notation and rejects plain IP addresses, leaving the entire 10.0.0.0/8 and 172.16.0.0/12 private IP ranges unprotected from SSRF attacks. Remote attackers can exploit this logic error to access internal services and resources on private networks that the application can reach, potentially escalating to information disclosure or further lateral movement. The vulnerability is confirmed patched in version 1.8.211.

Stored server-side request forgery (SSRF) in WWBN AVideo 26.0 and prior allows authenticated users with upload permissions to inject arbitrary URLs into the EPG (Electronic Program Guide) link feature, which the server automatically fetches on each EPG page visit. This enables attackers to scan internal networks, access cloud metadata services, and interact with internal services without the authentication or complexity barriers normally present in network-based attacks. No public exploit code identified at time of analysis.

Server-Side Request Forgery in InvoiceShelf 2.x allows authenticated administrators to exfiltrate internal network data via malicious HTML in estimate PDF generation. The vulnerability stems from unsanitized user input passed to the Dompdf rendering library, enabling arbitrary HTTP requests from the server. Exploitable through PDF preview and customer view endpoints without requiring email functionality. Patched in version 2.2.0. CVSS 7.6 reflects high confidentiality impact with scope change (C:H/S:C), requiring high privileges (PR:H) but low attack complexity over network vector. No confirmed active exploitation (not in CISA KEV), but the technical barrier is low for authenticated attackers with administrative access.

Server-Side Request Forgery in InvoiceShelf prior to version 2.2.0 allows authenticated high-privilege users to force the server to make arbitrary HTTP requests through the invoice PDF generation module. Attackers can inject malicious HTML into the invoice Notes field, which Dompdf processes without sanitization, fetching remote resources and potentially accessing internal network services or exfiltrating data via out-of-band channels. EPSS data not available; no public exploit identified at time of analysis. The CVSS score of 7.6 reflects high confidentiality impact with scope change, indicating potential for significant internal network reconnaissance.

Server-Side Request Forgery in InvoiceShelf's PDF payment receipt generation allows authenticated high-privilege users to make arbitrary HTTP requests from the server through unsanitized HTML injection in payment Notes fields. The vulnerability affects InvoiceShelf versions prior to 2.2.0, leveraging the Dompdf library's resource fetching behavior to pivot attacks against internal network resources or exfiltrate data via DNS/HTTP channels. CVSS 7.6 reflects network-accessible attack with low complexity but high privileges required and cross-scope impact. No public exploit identified at time of analysis, with EPSS data unavailable for this recent CVE. Vendor-released patch available in version 2.2.0 per GitHub security advisory.

Server-side request forgery (SSRF) in Discourse group email settings test endpoint allows authenticated non-staff group owners to initiate outbound connections to arbitrary hosts and ports, enabling internal network reconnaissance. Affects Discourse 2026.1.0-2026.1.2, 2026.2.0-2026.2.1, and 2026.3.0-rc versions. Patched in 2026.1.3, 2026.2.2, and 2026.3.0. No public exploit code or active exploitation confirmed at time of analysis.

Server-side request forgery (SSRF) in Chatwoot up to version 4.11.2 allows authenticated remote attackers to manipulate the URL argument in the Webhooks::Trigger function, enabling arbitrary HTTP requests from the server. Publicly available exploit code exists, and the vendor has not responded to disclosure efforts. While CVSS is moderate (5.3), the presence of public POC and authenticated attack vector creates a meaningful exploitation risk for deployed instances.

Server-side request forgery in OpenClaw before 2026.3.28 allows unauthenticated remote attackers to fetch internal URLs through unguarded image download operations in the fal provider image-generation-provider.ts component, enabling exposure of internal service metadata and responses via the image pipeline. CVSS 5.3 indicates moderate integrity impact without authentication requirements. No public exploit code or active exploitation confirmed at time of analysis.

Server-Side Request Forgery (SSRF) in FastGPT's Model Context Protocol (MCP) tools endpoints allows authenticated attackers to probe internal networks, access cloud metadata services (e.g., AWS/GCP instance credentials), and interact with backend databases like MongoDB and Redis. Affects FastGPT versions prior to 4.14.9.5. The vulnerability has CVSS 7.7 (High) with scope change indicating potential lateral movement to other system components. EPSS data not available; no confirmed active exploitation (not in CISA KEV). Public exploit code exists via GitHub security advisory GHSA-x9vj-5m4j-9mfv with technical details and proof-of-concept guidance.

Unauthenticated Server-Side Request Forgery (SSRF) in Performance Monitor WordPress plugin through version 1.0.6 allows remote attackers to perform arbitrary HTTP requests by exploiting insufficient parameter validation. The vulnerability enables attackers without authentication to interact with internal network resources and services accessible from the WordPress server, potentially leading to information disclosure, lateral movement, or interaction with backend systems.

Server-Side Request Forgery in OpenStack Glance image import allows authenticated users to bypass URL validation via HTTP redirects and reach internal services. Affected versions include Glance prior to 29.1.1, 30.0.0 through 30.1.0, and 31.0.0. The vulnerability impacts web-download and glance-download import methods, plus the optional ovf_process plugin. An authenticated attacker can craft a redirect chain to access restricted internal endpoints, though the CVSS vector indicates no confidentiality impact and limited integrity risk (CVSS 5.0). No public exploit code or active exploitation has been confirmed at time of analysis.

Kyverno versions 1.16.0 and later contain a server-side request forgery vulnerability in unrestricted CEL HTTP functions that allow attackers to make arbitrary HTTP requests from the Kyverno controller, potentially accessing internal services and metadata endpoints. The vulnerability affects Kubernetes clusters running vulnerable Kyverno versions with policies utilizing CEL-based HTTP operations, with no CVSS or EPSS data currently available to quantify severity.

Server-Side Request Forgery (SSRF) in Tautulli prior to version 2.17.0 allows remote attackers to forge outbound HTTP requests from the Plex Media Server process via the unauthenticated /pms_image_proxy endpoint, potentially exposing internal services on RFC-1918 address space and enabling reconnaissance or attacks against systems accessible from the Plex server's network context.

Server-side request forgery in SourceCodester RSS Feed Parser 1.0 via the file_get_contents function allows authenticated remote attackers to perform arbitrary HTTP requests from the vulnerable server. The vulnerability has a CVSS score of 5.3 with low impact across confidentiality, integrity, and availability, and publicly available exploit code exists.

Server-Side Request Forgery (SSRF) in HAPI FHIR Validator HTTP service leaks authentication credentials for configured FHIR package registries to attacker-controlled domains. The unauthenticated `/loadIG` endpoint accepts arbitrary URLs, and a flawed `startsWith()` prefix matching logic in credential provider causes Bearer tokens, Basic auth, and API keys to be sent to domains like `packages.fhir.org.attacker.com` when legitimate servers like `packages.fhir.org` are configured. No public exploit identified at time of analysis, but EPSS score and detailed proof-of-concept in advisory indicate high weaponization potential. CVSS 9.3 (Critical) reflects scope change — stolen credentials compromise external FHIR registries and clinical data repositories beyond the vulnerable validator.

Server-side request forgery (SSRF) in FHIR Validator HTTP service allows unauthenticated remote attackers to probe internal network services and cloud metadata endpoints via the /loadIG endpoint, which accepts arbitrary URLs without hostname or domain validation. The vulnerability defaults to allowing all outbound requests, and redirect following bypasses even configured domain restrictions. With the explore=true default setting, each request amplifies reconnaissance capability through multiple outbound HTTP calls, enabling blind network topology mapping and metadata service access.

Server-side request forgery in Docker Model Runner allows unprivileged containers or malicious OCI registries to make arbitrary GET requests to internal services by exploiting unvalidated realm URLs in the OCI registry token exchange flow. Affected versions prior to 1.1.25 (Docker Desktop prior to 4.67.0) permit attackers to access host-local services and reflect response bodies back to the caller, potentially exfiltrating sensitive data from internal endpoints. No public exploit code or active exploitation has been reported at time of analysis.

Server-side request forgery in CrewAI's RAG search tools allows remote attackers to access internal and cloud services by injecting malicious URLs at runtime without proper validation. The vulnerability affects CrewAI's content acquisition mechanisms, enabling unauthorized data exfiltration from internal networks and cloud-hosted resources. No CVSS score, active exploitation status, or patch information is currently available in public sources.

Invoice Ninja versions 5.12.46 and 5.12.48 contain a Server-Side Request Forgery (SSRF) vulnerability in the CheckDatabaseRequest.php component that allows remote attackers to perform unauthorized requests to internal or external systems. The vulnerability affects the setup and database configuration functionality, potentially enabling attackers to access internal services, probe private networks, or interact with restricted resources from the server's perspective.

KubePlus 4.1.4 allows server-side request forgery (SSRF) and arbitrary HTTP header injection through improperly validated chartURL fields in ResourceComposition resources. The mutating webhook and kubeconfiggenerator components concatenate user-supplied chartURL values directly into wget command invocations without proper escaping, enabling attackers to inject wget options such as --header to forge HTTP requests or exfiltrate sensitive data. No patch version information is currently available, and exploitation status remains unconfirmed from authoritative sources.

Server-Side Request Forgery (SSRF) in parisneo/lollms versions before 2.2.0 allows unauthenticated remote attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints via the `/api/files/export-content` endpoint. The vulnerability stems from insufficient URL validation in the `_download_image_to_temp()` function, enabling internal network reconnaissance, access to cloud instance metadata (AWS/GCP/Azure), and potential remote code execution through server-side exploitation chains. EPSS data not available; no public exploit identified at time of analysis. Vendor-released patch available in commit 76a54f0 and version 2.2.0.

Server-Side Request Forgery (SSRF) in elecV2P versions up to 3.8.3 allows unauthenticated remote attackers to manipulate internal or external HTTP requests via the eAxios function in the /mock URL handler. The vulnerability enables unauthorized access to internal resources, data exfiltration from confidential endpoints, and potential lateral movement within internal networks. Publicly available exploit code exists (GitHub issue #202), significantly lowering the barrier to exploitation. EPSS data not provided, but the combination of network-accessible attack vector, low complexity, no authentication requirement, and public POC represents elevated real-world risk. Vendor has not responded to early disclosure.

Server-Side Request Forgery (SSRF) in Oxygen Theme for WordPress versions up to 6.0.8 allows unauthenticated remote attackers to make arbitrary HTTP requests from the web server via the vulnerable laborator_calc_route AJAX action. This vulnerability is confirmed exploitable without authentication (CVSS PR:N) and enables attackers to query or modify internal services behind firewalls, exfiltrate cloud metadata (AWS/Azure credentials), or scan internal networks. No public exploit identified at time of analysis, though the unauthenticated attack vector and low complexity (AC:L) suggest straightforward exploitation.

Server-Side Request Forgery (SSRF) in LinkAce self-hosted link archival application allows authenticated users to bypass IP-based blocklist protections and access internal-only resources through hostname resolution. Attackers with low-privilege accounts can leverage this to probe internal network services, exfiltrate sensitive data from internal APIs, or pivot to otherwise unreachable infrastructure. CVSS 8.5 (High) with cross-scope impact reflects the potential for lateral movement beyond the application boundary. No active exploitation confirmed (CISA KEV: not listed), but the vulnerability class (CWE-918 SSRF) is commonly exploited when accessible to authenticated users. Patch available in version 2.5.3.

A SSRF vulnerability (CVSS 7.4). High severity vulnerability requiring prompt remediation.

Server-side request forgery in LibreChat 0.8.2-rc2 through 0.8.2 allows authenticated users to access internal network resources via incomplete DNS validation bypass. Despite a prior SSRF patch, the current hostname validation fails to check if DNS resolution points to private IP addresses, enabling attackers to reach internal RAG APIs and cloud metadata endpoints. CVSS 7.7 with network-based attack vector and low complexity. EPSS data not available; no confirmed active exploitation (not listed in CISA KEV). Patch released in version 0.8.3-rc1.

Server-Side Request Forgery (SSRF) in LibreChat versions prior to 0.8.3 allows authenticated users to bypass IP validation and force the application server to make HTTP requests to internal network resources. The vulnerability stems from improper validation of IPv4-mapped IPv6 addresses in hex-normalized form, enabling access to cloud metadata services (AWS 169.254.169.254), loopback addresses, and RFC1918 private networks. With EPSS data unavailable and no CISA KEV listing, no public exploit identified at time of analysis, though the specific bypass technique (hex-normalized IPv4-mapped IPv6) is well-documented in SSRF research.

PyLoad download manager (version 0.5.0 and potentially earlier, distributed via pip as pyload-ng) allows authenticated users to perform Server-Side Request Forgery attacks by submitting arbitrary URLs through the /api/addPackage endpoint without validation. Attackers with valid credentials can exfiltrate cloud provider metadata from AWS EC2, DigitalOcean, Google Cloud, and Azure instances, exposing IAM credentials, SSH keys, API tokens, and internal network topology. A proof-of-concept demonstration is documented with live instance credentials, and upstream fix available (PR/commit); released patched version not independently confirmed based on GitHub commit reference b76b6d4ee5e32d2118d26afdee1d0a9e57d4bfe8.

Server-side request forgery in letta-ai letta 0.16.4 allows authenticated remote attackers to manipulate ImageContent parameters in the _convert_message_create_to_message function within the file URL handler, enabling arbitrary HTTP requests to internal or external systems. Letta versions up to and including 0.16.4 are affected. Publicly available exploit code exists, and the vendor has not responded to early disclosure notifications, leaving affected deployments without an official patch at time of analysis.

Server-side request forgery in mingSoft MCMS versions through 5.5.0 enables remote unauthenticated attackers to force the application server to make arbitrary HTTP requests to internal or external systems via the catchimage parameter in the Editor Endpoint's catchImage function. Publicly available exploit code exists (GitHub POC published), increasing immediate risk. The CVSS score of 7.3 reflects network-based attack vector with no authentication required and impacts to confidentiality, integrity, and availability.

Calibre versions prior to 9.6.0 allow remote attackers to exfiltrate arbitrary files from the host system through a combination of path traversal in image handling during file conversion and unauthenticated server-side request forgery in the ebook reader web view's background-image endpoint. An attacker can craft a malicious markdown or text-based file that references files outside the intended directory, then retrieve those files through the unprotected background-image handler without authentication, enabling complete file system disclosure on systems running vulnerable Calibre instances.

Server-Side Request Forgery in calibre's background-image endpoint allows remote attackers to perform blind GET requests to arbitrary URLs and exfiltrate sensitive information from the e-book sandbox prior to version 9.6.0. Calibre versions before 9.6.0 are affected, with vendor-released patch available at version 9.6.0 or later. No active exploitation or public exploit code has been confirmed at time of analysis.

Server-Side Request Forgery in Spring AI Bedrock Converse module enables unauthenticated remote attackers to force the application server to issue HTTP requests to arbitrary internal or external destinations by supplying malicious media URLs in multimodal messages. Spring AI versions 1.0.0 through 1.0.4 and 1.1.0 through 1.1.3 are affected. The vulnerability carries a CVSS score of 8.6 with high confidentiality impact and changed scope, indicating potential access to internal network resources. No public exploit identified at time of analysis.

Page-Replica endpoint /sitemap improperly validates the url parameter in the sitemap.fetch function, enabling server-side request forgery (SSRF) attacks by authenticated users. An attacker with login credentials can craft malicious requests to make the vulnerable server fetch arbitrary internal or external resources, potentially exposing sensitive data or facilitating lateral movement. The vulnerability affects all versions up to commit e4a7f52e75093ee318b4d5a9a9db6751050d2ad0 under the product's rolling release model, with publicly available exploit code and an EPSS score indicating elevated exploitation probability, though the vendor has not responded to early disclosure.

OTCMS versions 7.66 and earlier contain an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the /admin/read.php endpoint's AnnounContent parameter, enabling remote attackers to craft arbitrary HTTP requests targeting internal services or external systems without requiring credentials. The vulnerability is documented in public security research; however, no CVSS score, EPSS probability, or confirmed active exploitation status is available from CISA KEV data at this time.

DNS rebinding bypasses SSRF protection in Lychee photo-management tool versions prior to 7.5.2, allowing authenticated remote attackers to access restricted internal resources by providing domain names instead of IP addresses to the photo URL import feature. The vulnerability exploits a logic flaw in PhotoUrlRule.php where hostname validation only applies to IP addresses, leaving domain-based requests unvalidated. Vendor-released patch available (version 7.5.2); no public exploit identified at time of analysis.

The Drupal OpenID Connect / OAuth client module versions prior to 1.5.0 contains a Server-Side Request Forgery (SSRF) vulnerability that allows remote attackers to make arbitrary HTTP requests from the affected server. This vulnerability affects all installations running OpenID Connect / OAuth client versions 0.0.0 through 1.5.0, and attackers can leverage the SSRF to access internal services, retrieve sensitive metadata, or interact with backend systems not directly accessible from the internet. No public exploit code or active exploitation has been confirmed at the time of analysis, though the vulnerability affects a widely-deployed Drupal authentication module.

Incomplete IP validation in Lychee's SSRF protection mechanism allows authenticated users to bypass all four security configuration settings by leveraging loopback and link-local addresses, enabling access to internal services. The vulnerability affects Lychee versions prior to 7.5.1 and requires prior authentication but carries low confidentiality impact. No public exploit code or active exploitation has been identified at time of analysis, though the attack vector is network-accessible and requires minimal complexity.

PHP applications using the affected functions fail to re-validate redirect targets during HTTP requests, allowing attackers to bypass SSRF protections by chaining a legitimate public URL with a redirect to internal resources. An attacker can exploit this weakness in endpoints that fetch remote content after initial URL validation, potentially gaining access to private IP ranges and internal services. A patch is available.

Unauthenticated information disclosure in AVideo Scheduler plugin exposes internal infrastructure details, admin-composed email campaigns, and user targeting mappings through three unprotected list.json.php endpoints. Remote attackers without authentication can retrieve all scheduled task callbacks with internal URLs and parameters, complete email message bodies, and user-to-email relationships by issuing simple GET requests. A public proof-of-concept exists demonstrating the vulnerability; patch availability has been confirmed by the vendor.

Firecrawl's Playwright scraping service through version 2.8.0 permits attackers to bypass SSRF protections and access internal network resources by exploiting a validation gap in redirect handling. Unauthenticated remote attackers can supply externally valid URLs that redirect to restricted internal endpoints, as network policy checks apply only to the initial request and not subsequent redirect destinations. With a CVSS score of 7.8 and high subsequent system confidentiality impact (SC:H), this represents a distinct post-redirect enforcement weakness separate from general redirect-based SSRF (CVE-2024-56800), though no public exploit is identified at time of analysis.

A SSRF vulnerability in A flaw (CVSS 3.1) that allows the attacker. Remediation should follow standard vulnerability management procedures.

Saloon versions prior to v4 contain a Server-Side Request Forgery (SSRF) vulnerability in the resolveEndpoint method that allows attackers to redirect authenticated requests to arbitrary hosts. When user-controlled input is passed as an endpoint parameter containing an absolute URL (e.g., https://attacker.example.com), Saloon ignores the connector's base URL and sends the request directly to the attacker-controlled destination, potentially leaking authentication headers, cookies, and tokens. This vulnerability affects the Saloon PHP HTTP client library (composer package saloonphp/saloon) and requires immediate upgrade to v4 or later to remediate.

Streamlit Open Source versions prior to 1.54.0 running on Windows contain an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the ComponentRequestHandler that improperly validates filesystem paths, allowing attackers to coerce the Streamlit server into initiating outbound SMB connections to attacker-controlled hosts. This can result in the exposure of NTLMv2 credential hashes for the Windows user running the Streamlit process, which may be subjected to offline brute-force attacks or relayed to other internal services. The vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog, but a patch is available from the vendor (version 1.54.0), and the attack requires network adjacency (AV:A) and is not trivial to exploit (AC:H).

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain a server-side request forgery (SSRF) vulnerability that allows authenticated attackers to send unauthorized requests from the affected system. This could enable network enumeration, lateral movement, or facilitate secondary attacks against internal systems. The vulnerability requires valid authentication credentials but presents moderate risk with a CVSS score of 5.4 and has an available patch from IBM.

A SSRF vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain a server-side request forgery (SSRF) vulnerability that allows authenticated attackers to send unauthorized requests from the vulnerable system. This enables network enumeration, lateral movement, or facilitation of secondary attacks against internal or external resources. The vulnerability requires valid credentials to exploit but carries moderate real-world risk given the CVSS 5.4 score and the authenticated attack vector.

IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.3 contain a server-side request forgery (SSRF) vulnerability that allows authenticated remote attackers to send unauthorized requests from the vulnerable system. This exposure could enable network enumeration, internal service discovery, or facilitate secondary attacks against internal infrastructure. A patch is available from IBM, and the vulnerability requires authenticated access (PR:L) but has low attack complexity, making it a medium-priority issue for organizations running affected Liberty instances.

A Server-Side Request Forgery (SSRF) vulnerability exists in Contest Gallery, a WordPress plugin developed by Wasiliy Strecker, affecting versions up to and including 28.1.2.1. This vulnerability allows attackers to abuse the affected application to make unauthorized requests to internal or external systems, potentially leading to information disclosure, internal network reconnaissance, or attacks against backend services. The vulnerability was reported by Patchstack and tracked under EUVD-2026-15576; however, no CVSS score, EPSS data, or confirmed active exploitation status is currently available, limiting the ability to assess immediate severity.

A Server-Side Request Forgery (SSRF) vulnerability exists in Drupal Canvas versions prior to 1.1.1, allowing attackers to manipulate the server into making unauthorized requests to internal or external resources. This vulnerability affects all Drupal Canvas installations from version 0.0.0 through 1.1.0, enabling attackers to access sensitive internal services, bypass network segmentation, or exfiltrate data. No CVSS score, EPSS data, or public proof-of-concept information is currently available, though the vulnerability has been formally documented by the Drupal security team.

PinchTab v0.8.3 contains a server-side request forgery vulnerability in its optional webhook scheduler that allows authenticated attackers to trigger outbound HTTP POST requests to arbitrary destinations, including internal and non-public IP ranges. The vulnerability exists because the webhook delivery path validates only the URL scheme (http/https) without rejecting loopback, private, or link-local addresses, and the HTTP client follows redirects without re-validation. A proof-of-concept is publicly available demonstrating blind SSRF capability; however, practical exploitation requires either administrative API token access in token-protected deployments or a tokenless configuration, and the scheduler must be explicitly enabled (it is disabled by default).

Wallos, an open-source self-hostable subscription tracker, contains a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 4.7.0 that allows authenticated users to access internal network services, cloud metadata endpoints, and localhost-bound services. The vulnerability exists in three unprotected attack surfaces: the AI Ollama host parameter, the AI recommendations endpoint, and the notification cron job-areas that were missed when SSRF protections were partially implemented in an earlier patch (CVE-2026-30840). An attacker with valid credentials can leverage these endpoints to reach sensitive internal resources including AWS IMDSv1, GCP, and Azure metadata services.

An incomplete Server-Side Request Forgery (SSRF) mitigation in Wallos, a self-hostable subscription tracker, allows authenticated attackers to bypass security controls and force the application to make requests to internal or private IP addresses. Wallos versions prior to 4.7.0 are affected. The vulnerability occurs because SSRF validation was added to test notification endpoints but not the corresponding save endpoints, enabling attackers to store malicious URLs that execute without validation when the cron job runs. No active exploitation (KEV) or public POC is currently documented.

Wallos, an open-source self-hostable subscription tracker, contains a Server-Side Request Forgery (SSRF) vulnerability in the endpoints/logos/search.php endpoint prior to version 4.7.0. The vulnerability allows unauthenticated attackers to hijack HTTP_PROXY and HTTPS_PROXY environment variables without validation, enabling them to redirect outbound requests to arbitrary domains by manipulating DNS resolution through user-supplied search terms. This attack requires no special privileges and can be executed remotely over the network, making it a significant risk for exposed Wallos instances.

A critical Server-Side Request Forgery (SSRF) vulnerability exists in the LoLLMs WEBUI application, allowing unauthenticated remote attackers to force the server to make arbitrary GET requests through the `/api/proxy` endpoint. All known existing versions of lollms-webui are affected, and as of publication, no patched version is available. Attackers can exploit this to access internal services, scan local networks, or exfiltrate sensitive cloud metadata such as AWS or GCP IAM tokens.

Vikunja versions prior to 2.2.1 contain a Server-Side Request Forgery (SSRF) vulnerability in the avatar image download functionality that fails to implement proper protections when fetching user profile pictures from OpenID Connect provider URLs. An authenticated attacker can exploit this by controlling their OIDC profile picture URL to force the Vikunja server to make arbitrary HTTP GET requests to internal networks or cloud metadata endpoints, potentially disclosing sensitive information. The vulnerability has a CVSS score of 6.4 (medium severity) and is patched in version 2.2.1.

Vikunja prior to version 2.2.1 contains a Server-Side Request Forgery (SSRF) vulnerability in its migration helper functions that lack HTTP request validation. An authenticated attacker can exploit this by triggering a Todoist or Trello migration, which causes the Vikunja server to fetch arbitrary URLs specified in attachment metadata from third-party APIs, potentially exposing internal network resources and returning their contents as task attachments. The vulnerability requires low privilege (authenticated user) and carries a CVSS score of 6.4 with moderate confidentiality and availability impact across network boundaries.

A Server-Side Request Forgery (SSRF) vulnerability exists in DefaultFuction Jeson-Customer-Relationship-Management-System affecting versions up to commit 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. The vulnerability resides in the /api/System.php file where the 'url' parameter can be manipulated to force the server to make arbitrary requests. A publicly disclosed proof-of-concept exploit is available on GitHub, and patches have been released by the vendor.

This vulnerability in Roadiz's DownloadedFile::fromUrl() method allows authenticated users with ROLE_ACCESS_DOCUMENTS to read arbitrary files from the server via PHP stream wrapper abuse, specifically by injecting file:// URIs into media import workflows. An attacker can extract sensitive files including .env configuration files, database credentials, and system files, achieving complete confidentiality compromise of the application and potentially the underlying infrastructure. A proof-of-concept exists demonstrating exploitation through malicious Podcast RSS feeds, and a patch is available from the vendor.

OpenClaw contains a server-side request forgery (SSRF) vulnerability in its web search citation redirect resolution mechanism that allows unauthenticated remote attackers to trigger requests to internal network destinations from the OpenClaw gateway host. OpenClaw versions prior to 2026.3.1 are affected. Attackers who can influence citation redirect targets can exploit this to access private network resources, with a CVSS score of 8.3 indicating high severity with low complexity and no privileges required.

A Server-Side Request Forgery (SSRF) vulnerability exists in the external page migration feature of the Page Management Plugin (Connect CMS), allowing authenticated attackers with page management screen access to make the server perform requests to internal destinations and disclose sensitive information. The vulnerability affects Connect CMS versions 1.x through 1.41.0 and 2.x through 2.41.0, with patches available in versions 1.41.1 and 2.41.1 respectively. With a CVSS score of 6.8 and moderate attack complexity requiring high privileges, this represents a real but bounded risk primarily to organizations running older plugin versions with administrative users who may be compromised or malicious.

Server-side request forgery in Kodbox 1.64's fileGet endpoint allows authenticated attackers to manipulate the path parameter in the PathDriverUrl function, enabling arbitrary outbound requests from the affected server. Public exploit code exists for this vulnerability, and no patch is currently available. The impact is limited to users with valid credentials, though successful exploitation could facilitate further network reconnaissance or attacks against internal systems.

A SSRF vulnerability (CVSS 6.3) that allows an attacker. Remediation should follow standard vulnerability management procedures.

A Server-Side Request Forgery (SSRF) vulnerability exists in the validateUrlSecurity function within trueleaf ApiFlow version 0.9.7's URL validation handler. This flaw allows unauthenticated remote attackers to manipulate server-side requests to access internal resources or perform actions on behalf of the server. A public proof-of-concept exploit has been disclosed and is available, significantly lowering the barrier to exploitation.

The Content Syndication Toolkit plugin for WordPress contains an unauthenticated Server-Side Request Forgery vulnerability that allows attackers to make arbitrary HTTP requests from the WordPress server. All versions up to and including 1.3 are affected through a bundled ReduxFramework library that exposes an unprotected AJAX proxy endpoint. Attackers can exploit this to query internal services, scan internal network ports, access cloud metadata endpoints, or interact with internal APIs without any authentication, representing a significant risk for reconnaissance and lateral movement in internal networks.

The Performance Monitor plugin for WordPress contains a Server-Side Request Forgery (SSRF) vulnerability in its REST API endpoint that allows unauthenticated attackers to make arbitrary web requests to internal services using dangerous protocols including Gopher. Versions up to and including 1.0.6 are affected. This vulnerability can be chained with services like Redis to achieve Remote Code Execution, making it a critical security concern despite the 7.2 CVSS score.

The MimeTypes Link Icons plugin for WordPress contains a Server-Side Request Forgery (SSRF) vulnerability affecting all versions up to and including 3.2.20. Authenticated attackers with Contributor-level access or higher can exploit this flaw when the 'Show file size' option is enabled by embedding crafted links in post content, allowing them to make arbitrary HTTP requests from the server to internal or external resources. This enables querying and potentially modifying information from internal services that should not be accessible from the public internet.

The Post Affiliate Pro WordPress plugin versions up to 1.28.0 contain a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated administrators to make arbitrary outbound web requests from the affected server and read response content. An attacker with administrator-level access can exploit this to interact with internal services, exfiltrate data, or pivot to other systems. Wordfence has confirmed exploitation via external Collaborator endpoints, and the CVSS 6.5 score reflects moderate severity with low attack complexity.

The WowOptin: Next-Gen Popup Maker plugin for WordPress contains a Server-Side Request Forgery (SSRF) vulnerability affecting all versions up to and including 1.4.29. An unauthenticated attacker can exploit a publicly accessible REST API endpoint (optn/v1/integration-action) that passes user-supplied URLs directly to wp_remote_get() and wp_remote_post() without validation, allowing arbitrary web requests from the server. This enables querying and modifying information from internal services with a CVSS score of 7.2 (High), though no active exploitation (KEV) or public POC has been documented at this time.

An unauthenticated server-side request forgery (SSRF) vulnerability exists in AVideo's Live plugin test.php endpoint that allows remote attackers to force the server to send HTTP requests to arbitrary URLs. The vulnerability affects AVideo installations with the Live plugin enabled and can be exploited to probe internal network services, access cloud metadata endpoints, and retrieve content from internal HTTP resources. A proof-of-concept has been published demonstrating localhost service enumeration, and the vulnerability requires no authentication or user interaction to exploit.

AVideo, an open-source video platform, contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated attackers to bypass URL validation using IPv4-mapped IPv6 addresses (::ffff:x.x.x.x format). The vulnerable endpoint plugin/LiveLinks/proxy.php can be exploited to access cloud metadata services (AWS, GCP, Azure), internal networks, and localhost services without authentication. A detailed proof-of-concept is publicly available demonstrating credential theft from AWS instance metadata, making this a critical risk for cloud-hosted installations.

Frigate versions prior to 0.16.3 contain a Server-Side Request Forgery (SSRF) vulnerability in the /ffprobe endpoint that accepts arbitrary user-controlled URLs without proper validation. An authenticated attacker can leverage this endpoint to make HTTP requests to internal network resources, cloud metadata services (such as AWS IMDSv1), or perform reconnaissance activities like port scanning against systems accessible from the Frigate server. The vulnerability requires low privileges (authenticated user) and has a network attack vector with low complexity, making it moderately exploitable in environments where Frigate is exposed to untrusted users.

AVideo, a video-sharing platform, contains a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 8.0 affecting the public thumbnail endpoints getImage.php and getImageMP4.php. Unauthenticated attackers can exploit insufficient URL validation to force the server to make requests to internal network resources including cloud metadata endpoints (AWS EC2 169.254.169.254), localhost, and private IP ranges. The vulnerability has a CVSS 4.0 score of 9.3 with network attack vector requiring no privileges or user interaction, though there is no evidence of active exploitation or public proof-of-concept at this time.

A Server-Side Request Forgery (SSRF) vulnerability in SQLBot, an intelligent data query system based on large language models and RAG, allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. SQLBot versions prior to 1.7.0 are affected, with the vulnerability exploitable through the /api/v1/datasource/check endpoint by configuring a malicious MySQL data source that triggers a LOAD DATA LOCAL INFILE attack during connection verification. The CVSS score of 8.7 with network-based attack vector and no privileges required indicates critical severity, though no KEV listing or EPSS data suggests exploitation in the wild has not yet been widely observed.

Kargo versions 1.4.0-1.6.3, 1.7.0-1.7.8, 1.8.0-1.8.11, and 1.9.0-1.9.4 contain a Server-Side Request Forgery vulnerability in http and http-download promotion steps that allows authenticated attackers to access cloud instance metadata endpoints and exfiltrate sensitive credentials like IAM keys. An attacker with permissions to create or modify Stages or Promotion resources can exploit this by crafting malicious manifests with full control over request headers and methods, bypassing cloud provider SSRF protections. Currently, no patch is available for this vulnerability.

Server-Side Request Forgery in SuiteCRM versions prior to 7.15.1 and 8.9.3 allows authenticated users to craft malicious PDF templates containing image tags that trigger server-side HTTP requests when PDFs are generated. An attacker with login credentials can exploit this to scan internal networks, access local services, or exfiltrate data from the server's perspective. No patch is currently available for affected versions.

The RSS Feed Dashlet in SuiteCRM versions before 7.15.1 and 8.9.3 is vulnerable to a server-side request forgery (SSRF) attack that can be exploited to trigger denial of service conditions. An unauthenticated remote attacker can leverage this vulnerability to disrupt service availability without requiring user interaction. No patch is currently available for this high-severity vulnerability affecting enterprise CRM deployments.

OpenClaw versions prior to 2026.3.1 contain an authentication bypass vulnerability where failed authentication bootstrap during startup leaves browser-control routes accessible without credentials. An attacker with local process access or ability to reach the application via loopback SSRF can exploit this to access sensitive browser-control functionality including code evaluation capabilities without valid authentication. This is a moderate-risk vulnerability with a CVSS score of 6.9 and realistic exploitation potential for local/SSRF-capable threats.

OpenClaw versions prior to 2026.2.22 contain a Server-Side Request Forgery (SSRF) vulnerability in MSTeams media attachment handling where redirect chain validation against the mediaAllowHosts allowlist is inconsistently applied. An authenticated attacker with low privileges can supply or influence attachment URLs that redirect to non-allowlisted targets, allowing them to bypass SSRF boundary controls and potentially access internal resources. The vulnerability has confirmed patch availability and security advisories from the vendor.

OpenClaw versions prior to 2026.2.22 contain incomplete validation of IPv4 special-use ranges in the isPrivateIpv4() function, allowing attackers to bypass Server-Side Request Forgery (SSRF) policy checks and access RFC-reserved address ranges that should be blocked. An authenticated attacker with network reachability to special-use IPv4 ranges such as 198.18.0.0/15 can exploit the web_fetch functionality to access blocked internal addresses, resulting in information disclosure and potential lateral movement. The vulnerability has been patched and security advisories are available from the OpenClaw project.

Azure Cloud Shell contains a server-side request forgery vulnerability that allows unauthenticated remote attackers to escalate privileges without user interaction. The vulnerability affects Microsoft products and has a critical CVSS score of 10.0, though no patch is currently available. Attackers can leverage network access to achieve privilege elevation across system boundaries.

Microsoft Purview is vulnerable to server-side request forgery (SSRF) that enables unauthenticated remote attackers to escalate privileges across network boundaries. This network-accessible vulnerability requires no user interaction and impacts the confidentiality of affected systems. No patch is currently available.

Microsoft Purview contains a server-side request forgery vulnerability that allows unauthenticated remote attackers to escalate privileges across network boundaries. An attacker can exploit this flaw without user interaction to gain unauthorized access to sensitive resources and functionality. No patch is currently available.

Microsoft 365 Copilot's Business Chat contains a server-side request forgery vulnerability that allows authenticated users to escalate privileges across network boundaries. An attacker with valid credentials can exploit this flaw to access or manipulate resources beyond their intended authorization level. No patch is currently available, making this a significant risk for organizations using the affected service.

Microsoft Bing contains a server-side request forgery vulnerability that enables unauthenticated remote attackers to manipulate network communications and access sensitive information. An attacker can exploit this flaw without user interaction to retrieve confidential data or cause service disruption. No patch is currently available.

OpenEMR versions prior to 8.0.0.2 allow authenticated users with the Notes role to trigger an out-of-band Server-Side Request Forgery (SSRF) vulnerability through unescaped HTML parsing in Eye Exam form PDF generation, enabling attackers to forge requests to arbitrary internal or external resources from the affected server. This vulnerability requires valid user credentials but no user interaction, and can lead to information disclosure or further internal network compromise. No patch is currently available for affected deployments.

A Server-Side Request Forgery (SSRF) vulnerability in AVideo's Live plugin allows unauthenticated remote attackers to scan internal networks, access cloud metadata services, and bypass authentication mechanisms when the plugin is deployed in standalone mode. The vulnerability exists because user-controlled input is directly used to construct URLs for server-side requests without validation, enabling attackers to proxy requests through the vulnerable server and potentially chain this with command execution. With a CVSS score of 9.1 and requiring no authentication or user interaction, this represents a critical security risk for affected deployments.