Server-Side Request Forgery

web HIGH

Server-Side Request Forgery exploits applications that fetch remote resources based on user-supplied URLs.

How It Works

Server-Side Request Forgery exploits applications that fetch remote resources based on user-supplied URLs. When a web server accepts a URL parameter to retrieve external content—for example, to proxy images, validate webhooks, or import data—an attacker can manipulate that parameter to make the server send requests to unintended destinations. The critical issue is that these requests originate from the server itself, bypassing firewalls and network controls that would block direct external access.

Attacks come in several forms. Direct SSRF gives the attacker full control over the destination URL, allowing them to target internal services like http://localhost:8080/admin or cloud metadata endpoints at http://169.254.169.254/latest/meta-data/. Blind SSRF occurs when the application makes the request but doesn't return the response to the attacker—they must rely on timing differences or out-of-band techniques to confirm success. Partial SSRF restricts the attacker to modifying only part of the URL, such as the hostname or path, requiring more creative exploitation.

The typical attack flow starts with identifying URL parameters that trigger server-side requests. The attacker then probes for internal services by injecting internal IP addresses or localhost references. Common targets include administrative interfaces, internal REST APIs, Redis or Memcached instances, and especially cloud metadata services that expose IAM credentials. Attackers often employ bypass techniques like encoding IPs in decimal format (2130706433 for 127.0.0.1), exploiting URL parser discrepancies between validation and execution layers, or chaining with open redirects to evade basic filters.

Impact

  • Access to internal services that should be network-isolated—admin panels, monitoring dashboards, configuration endpoints
  • Cloud credential theft via metadata APIs, particularly AWS IAM role credentials exposed at 169.254.169.254
  • Reading local files through file:// protocol support, exposing configuration files and source code
  • Network reconnaissance to map internal infrastructure and identify additional attack targets
  • Remote code execution on back-end systems like Redis or Elasticsearch that accept commands over HTTP
  • Pivoting deeper into internal networks by using the compromised server as a proxy for further attacks

Real-World Examples

Capital One suffered a massive breach in 2019 when an attacker exploited SSRF in a web application firewall to query AWS metadata services, stealing credentials that granted access to over 100 million customer records. The vulnerability allowed requests to the internal metadata endpoint that should have been unreachable.

Shopify's infrastructure exposed internal Google Cloud metadata in 2020 through an image proxy feature. Security researchers demonstrated they could retrieve service account credentials by tricking the proxy into fetching from the metadata API, potentially compromising the entire GCP environment.

Numerous CVEs in enterprise products highlight SSRF in common features: webhook validators in GitLab, PDF generators that fetch remote images, and document conversion services. These typically manifest when URL validation assumes all requests will target external internet resources, failing to anticipate internal network abuse.

Mitigation

  • Allowlist approved destination domains rather than trying to blocklist dangerous ones—only permit necessary external services
  • Disable unnecessary URL schemes entirely (file://, gopher://, dict://)—restrict to https:// only where possible
  • Network segmentation to prevent application servers from reaching internal infrastructure—use separate VLANs or VPCs
  • Deploy cloud metadata protections like AWS IMDSv2 requiring session tokens, making metadata unavailable to simple HTTP requests
  • Validate and parse URLs consistently using a single library, then verify resolved IP addresses aren't private ranges
  • Remove response bodies from errors to prevent information disclosure in blind SSRF scenarios
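The allowlist, scheme restriction, single-parser validation and resolved-IP check from the list above, combined into one outbound-URL gate, as an added example that is not code from this page or from any product listed on it. It assumes a constructed allowlist and constructed DNS answers so it runs offline: `fake_resolver` and `fake_head` stand in for `socket.getaddrinfo` and an HTTP client that has automatic redirects disabled, which is what lets every redirect hop be re-validated before it is fetched.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed allowlist for this example; list only services the app must reach.
ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"api.example.com", "hooks.example.com", "cdn.example.com"}
DEFAULT_PORTS = {"https": 443}

class UnsafeUrl(ValueError):
    """Raised when a user-supplied URL fails any outbound-request check."""

def is_blocked_address(addr: str) -> bool:
    """True if an address must never be an outbound target from this server."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) so the IPv4 rules apply to it.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_link_local covers the 169.254.0.0/16 metadata range; the explicit
    # network adds carrier-grade NAT space, which is_private does not flag.
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified
            or ip in ipaddress.ip_network("100.64.0.0/10"))

def validate_outbound_url(url: str, resolver=socket.getaddrinfo):
    """Parse once, enforce the allowlists, resolve, and vet every DNS answer.

    Returns (host, port, addresses). Connect to one of those addresses rather
    than resolving again, so DNS rebinding cannot swap in an internal IP later.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise UnsafeUrl(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise UnsafeUrl("userinfo in URL is not allowed")
    host = (parts.hostname or "").rstrip(".")
    # Exact match only: api.example.com.evil.net fails, and IP literals in any
    # encoding (dotted, decimal 2130706433, bracketed IPv6) fail as non-names.
    if host not in ALLOWED_HOSTS:
        raise UnsafeUrl(f"host not allowlisted: {host!r}")
    try:
        port = parts.port
    except ValueError as exc:
        raise UnsafeUrl("invalid port") from exc
    if port is None:
        port = DEFAULT_PORTS[scheme]
    records = resolver(host, port, 0, socket.SOCK_STREAM)
    addresses = sorted({record[4][0] for record in records})
    if not addresses:
        raise UnsafeUrl(f"{host} did not resolve")
    for addr in addresses:  # every answer must pass, not just the first
        if is_blocked_address(addr):
            raise UnsafeUrl(f"{host} resolves to blocked address {addr}")
    return host, port, addresses

def follow_redirects_safely(url, head, resolver=socket.getaddrinfo, max_hops=3):
    """Follow redirects by hand, validating each hop before it is fetched."""
    # `head` stands in for an HTTP client call with automatic redirects off:
    # it takes (url, pinned_address) and returns (status, location).
    hops = []
    for _ in range(max_hops + 1):
        addresses = validate_outbound_url(url, resolver)[2]
        hops.append((url, addresses[0]))
        status, location = head(url, addresses[0])
        if status not in (301, 302, 303, 307, 308) or not location:
            return hops
        url = location
    raise UnsafeUrl("too many redirects")

# Constructed DNS answers and HTTP responses for an offline demonstration.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],        # ordinary public address
    "hooks.example.com": ["169.254.169.254"],    # allowlisted name, metadata IP
    "cdn.example.com": ["::ffff:10.0.0.5"],      # IPv4-mapped private address
}

def fake_resolver(host, port, family=0, type=0, proto=0, flags=0):
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (a, port))
            for a in FAKE_DNS.get(host, [])]

def fake_head(url, address):
    if url == "https://api.example.com/redirect":
        return 302, "https://hooks.example.com/latest/meta-data/"
    return 200, None

def verdict(url: str) -> str:
    try:
        hops = follow_redirects_safely(url, fake_head, fake_resolver)
        return "allowed via " + ", ".join(addr for _, addr in hops)
    except UnsafeUrl as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    for candidate in ("https://api.example.com/v1/items", "http://api.example.com/",
                      "https://api.example.com.evil.net/", "https://2130706433/",
                      "https://[::ffff:127.0.0.1]/", "https://hooks.example.com/",
                      "https://cdn.example.com/logo.png", "https://api.example.com/redirect"):
        print(f"{candidate:42} {verdict(candidate)}")
```

In a real client, the `head` callable should open its connection to the pinned address returned by the validator (with the validated hostname as the Host/SNI value) and must not follow redirects on its own, otherwise the per-hop check is bypassed.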

Recent CVEs (912)

CVE-2026-26938
EPSS 0% CVSS 8.6
HIGH This Week

Kibana versions up to 9.3.0 contain a vulnerability that allows attackers to read arbitrary files from the Kibana server filesystem, and perform Server-Side (CVSS 8.6).

SSRF Code Injection Kibana
NVD
CVE-2026-28295
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

GVfs FTP backend clients blindly trust server-provided IP addresses and ports during passive mode connections, enabling malicious FTP servers to conduct network reconnaissance and probe for open ports from the client's network perspective. The vulnerability requires user interaction but poses a confidentiality risk to network topology information. A patch is available to address this trust validation issue.

SSRF Redhat Suse
NVD
CVE-2026-27945
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Server-Side Request Forgery in Zitadel's Action V2 webhook feature allows unauthenticated attackers to probe internal network services and gather information about internal infrastructure by crafting malicious webhook target URLs pointing to localhost or private IP addresses. The vulnerability affects Zitadel versions 4.0.0 through 4.11.0, with schema validation providing limited mitigation. No patch is currently available.

SSRF Zitadel Suse
NVD GitHub
CVE-2026-27829
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Astro web framework versions 9.0.0 through 9.5.3 fail to validate remote image domains when the inferSize option is enabled, allowing attackers to trigger server-side requests to arbitrary hosts and bypass configured image.domains and image.remotePatterns restrictions. An attacker controlling image URLs through CMS content or user input can exploit this to perform SSRF attacks or access unauthorized resources. Public exploit code exists for this vulnerability.

SSRF
NVD GitHub
CVE-2026-27808
EPSS 0% CVSS 5.8
MEDIUM POC PATCH This Month

Mailpit versions prior to 1.29.2 contain a Server-Side Request Forgery vulnerability in the Link Check API that allows unauthenticated remote attackers to perform HTTP requests to arbitrary hosts, including internal and private IP addresses. The API fails to validate or filter target URLs and returns status codes for each link, enabling non-blind SSRF attacks. Public exploit code exists for this vulnerability, affecting deployments with default configuration.

SSRF Mailpit Suse
NVD GitHub
CVE-2026-24005
EPSS 0%
NONE POC PATCH Awaiting Data

Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers.

Kubernetes SSRF
NVD GitHub
CVE-2026-27795
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

LangChain's RecursiveUrlLoader in @langchain/community versions prior to 1.1.18 fails to validate redirect targets, allowing authenticated attackers to bypass SSRF protections by redirecting from whitelisted URLs to internal or metadata endpoints. An attacker with user credentials can exploit this to access sensitive internal resources or cloud metadata services through automatic redirect following. Affected applications should upgrade to version 1.1.18, which disables automatic redirects and re-validates each redirect destination.

SSRF AI / ML Langchain +1
NVD GitHub
CVE-2026-27739
EPSS 0%
PATCH This Week

The Angular SSR is a server-side rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery (SSRF) vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because Angular's internal URL reconstruction logic directly trusts and consumes user-controlled HTTP headers, specifically the Host and `X-Forwarded-*` family, to determine the application's base origin without any validation of the dest...

Angular SSRF
NVD GitHub HeroDevs
CVE-2026-3189
EPSS 0% CVSS 3.1
LOW Monitor

A weakness has been identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This vulnerability affects unknown code of the file /api/admin/common/files/download. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be executed remotely. Attacks of this nature are highly complex. It is stated that the exploitability is difficult. Upgrading to v...

SSRF
NVD GitHub VulDB
CVE-2026-27706
EPSS 0% CVSS 7.7
HIGH This Week

Plane versions before 1.2.2 contain a server-side request forgery vulnerability in the "Add Link" feature that allows authenticated users to send arbitrary GET requests to internal networks and retrieve full response bodies. An attacker with basic user privileges can exploit this to steal sensitive data from internal services and cloud metadata endpoints. No patch is currently available.

SSRF Plane
NVD GitHub
CVE-2026-27730
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

esm.sh versions up to 137 contain an SSRF vulnerability in the `/http(s)` fetch route that allows remote attackers to bypass hostname validation through DNS alias domains and access internal localhost services. Public exploit code exists for this vulnerability, and no patches are currently available. This affects users of esm.sh CDN services and any applications relying on the affected versions.

Dns SSRF Esm.Sh +1
NVD GitHub
CVE-2025-50180
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

esm.sh is a no-build content delivery network (CDN) for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. [CVSS 7.5 HIGH]

SSRF Esm.Sh Suse
NVD GitHub
CVE-2026-2479
EPSS 0% CVSS 5.0
MEDIUM This Month

Authenticated WordPress users with Author-level or higher privileges can exploit a Server-Side Request Forgery vulnerability in the Responsive Lightbox & Gallery plugin (versions up to 2.7.1) due to improper hostname validation in the image upload function. This allows attackers to send arbitrary web requests from the vulnerable server to internal services, potentially exposing or modifying sensitive information within the network. The vulnerability affects all versions up to 2.7.1 with no patch currently available.

WordPress SSRF
NVD
CVE-2026-3163
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Website Link Extractor versions up to 1.0 are affected by server-side request forgery (SSRF) (CVSS 6.3).

SSRF Website Link Extractor
NVD VulDB
CVE-2026-27696
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

changedetection.io is a free open source web page change detection tool. [CVSS 8.6 HIGH]

SSRF Changedetection
NVD GitHub
CVE-2026-27477
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Mastodon servers with the experimental FASP feature enabled are vulnerable to Server-Side Request Forgery (SSRF) attacks, allowing unauthenticated attackers to register accounts with arbitrary base URLs that force the server to make requests to internal or local addresses. While attackers cannot control the full request path or view responses, this exposure of internal systems to external manipulation could facilitate reconnaissance or attacks on backend infrastructure. Affected versions are 4.4.0-4.4.13 and 4.5.0-4.5.6; a patch is available.

SSRF Mastodon
NVD GitHub
CVE-2026-27732
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Server-side request forgery in AVideo prior to version 22.0 allows authenticated users to make arbitrary outbound requests from the affected server via an unvalidated downloadURL parameter in the aVideoEncoder.json.php endpoint. An attacker can exploit this to probe internal network services, access metadata endpoints, and retrieve sensitive data, potentially leading to further system compromise. This affects PHP deployments running vulnerable AVideo versions.

PHP SSRF Avideo
NVD GitHub
CVE-2026-27567
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Payload CMS prior to v3.75.0 contains a Server-Side Request Forgery vulnerability in its external file upload feature that allows authenticated users with upload collection permissions to access internal network resources by exploiting insufficient HTTP redirect validation. An attacker could retrieve sensitive response content from internal services accessible to the Payload server. A patch is available in version 3.75.0.

SSRF Payload
NVD GitHub
CVE-2026-27129
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Craft CMS versions 4.5.0 through 4.16.18 and 5.0.0 through 5.8.22 contain an SSRF bypass in GraphQL Asset mutations where IPv6-only hostnames bypass the security blocklist, allowing authenticated users with GraphQL asset editing permissions to perform server-side request forgery attacks. Public exploit code exists for this vulnerability, which is a regression of a previously patched SSRF issue. Authenticated users with appropriate GraphQL schema permissions can exploit this to access internal resources or perform requests to arbitrary IPv6 addresses.

SSRF Craft Cms
NVD GitHub
CVE-2026-27127
EPSS 0% CVSS 6.3
MEDIUM POC PATCH This Month

DNS rebinding attacks in Craft CMS 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22 allow authenticated attackers to bypass SSRF protections in GraphQL asset mutations by exploiting a Time-of-Check-Time-of-Use race condition between DNS validation and HTTP requests. Attackers with appropriate GraphQL schema permissions can access blocked IP addresses and internal resources that should be restricted. Public exploit code exists for this vulnerability, which represents a bypass of the previous CVE-2025-68437 fix.

Dns SSRF Race Condition +1
NVD GitHub
CVE-2026-3052
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Server-side request forgery in Dinky up to version 1.2.5 allows authenticated attackers to make arbitrary HTTP requests through the Flink Proxy Controller's proxyUba function. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. An attacker with valid credentials can leverage this to access internal resources or perform actions on behalf of the affected server.

Java SSRF Dinky
NVD GitHub VulDB
CVE-2026-25545
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

Astro web framework versions prior to 9.5.4 contain a server-side request forgery vulnerability in error page handling that allows unauthenticated remote attackers to bypass Host header validation and redirect requests to internal services or cloud metadata endpoints. By manipulating the Host header when accessing prerendered error pages, attackers can read response bodies from internal URLs, cloud metadata services, or localhost resources. Public exploit code exists for this vulnerability, which affects applications using custom error pages without proper Host validation.

SSRF
NVD GitHub
CVE-2026-3026
EPSS 0% CVSS 7.3
HIGH POC This Week

Jeewms 3.7 contains a server-side request forgery vulnerability in the UEditor plugin's getRemoteImage.jsp file, where the upfile parameter can be manipulated to make the server perform unintended network requests. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. Remote attackers can exploit this without authentication to conduct SSRF attacks with low complexity.

SSRF Jeewms
NVD VulDB
CVE-2026-2985
EPSS 0% CVSS 6.3
MEDIUM This Month

Server-side request forgery in Tiandy Video Surveillance System 7.17.0 allows authenticated remote attackers to manipulate the urlPath parameter in the downloadImage function, enabling arbitrary network requests from the affected server. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. The attack requires valid credentials but no user interaction, posing a medium-severity risk to organizations deploying this surveillance platform.

Java SSRF
NVD VulDB
CVE-2026-2945
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Server-side request forgery in JeecgBoot 3.9.0's /sys/common/uploadImgByHttp endpoint allows authenticated attackers to manipulate the fileUrl parameter and make arbitrary HTTP requests from the vulnerable server. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.

SSRF Jeecg Boot
NVD VulDB
CVE-2026-27488
EPSS 0% CVSS 7.3
HIGH PATCH This Week

OpenClaw versions 2026.2.17 and earlier allow unauthenticated remote attackers to access internal and metadata endpoints through unprotected cron webhook delivery mechanisms that lack SSRF validation. An attacker can exploit this to reach private services and endpoints that should be restricted, potentially leading to information disclosure or lateral movement within the infrastructure. A patch is available in version 2026.2.19.

SSRF AI / ML Openclaw
NVD GitHub
CVE-2026-27479
EPSS 0% CVSS 7.7
HIGH POC PATCH This Week

Wallos versions 4.6.0 and below allow authenticated attackers to perform Server-Side Request Forgery attacks through the logo upload feature by exploiting HTTP redirects that bypass IP validation checks, enabling access to internal resources and cloud metadata endpoints. Public exploit code exists for this vulnerability, and an available patch should be applied immediately to prevent unauthorized disclosure of sensitive configuration and credentials.

SSRF Wallos
NVD GitHub
CVE-2025-69299
EPSS 0% CVSS 7.2
HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Laborator Oxygen oxygen allows Server Side Request Forgery. This issue affects Oxygen: from n/a through <= 6.0.8. [CVSS 7.2 HIGH]

SSRF
NVD
CVE-2026-26324
EPSS 0% CVSS 7.5
HIGH PATCH This Week

OpenClaw prior to version 2026.2.14 fails to properly validate IPv6-formatted addresses in its SSRF protection, allowing attackers to bypass restrictions and access loopback and private network resources that should be blocked. An unauthenticated remote attacker can exploit this by crafting requests using IPv4-mapped IPv6 literals to reach restricted endpoints. The vulnerability has been patched in version 2026.2.14.

SSRF AI / ML Openclaw
NVD GitHub
CVE-2026-26322
EPSS 0% CVSS 7.6
HIGH PATCH This Week

OpenClaw versions prior to 2026.2.14 fail to validate the gatewayUrl parameter in the Gateway tool, allowing authenticated users or operators to redirect WebSocket connections to arbitrary targets and potentially access internal resources. This vulnerability requires authentication and the ability to invoke specific tool calls, limiting exposure to trusted users and automated systems rather than anonymous attackers. An attacker with these privileges could establish unauthorized outbound connections from the OpenClaw host, compromising confidentiality and potentially enabling further network-based attacks.

SSRF AI / ML Openclaw
NVD GitHub
CVE-2025-8055
EPSS 0% CVSS 5.3
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery. The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server. [CVSS 5.3 MEDIUM]

SSRF Xm Fax
NVD
CVE-2026-26286
EPSS 0% CVSS 8.5
HIGH POC This Week

SillyTavern versions before 1.16.0 contain a server-side request forgery (SSRF) vulnerability in the asset download endpoint that allows authenticated users to make arbitrary HTTP requests from the server and access internal services, cloud metadata, and private network resources. Public exploit code exists for this vulnerability, which can be mitigated by upgrading to version 1.16.0 or configuring domain whitelisting in the config.yaml file.

SSRF AI / ML Sillytavern
NVD GitHub
CVE-2026-27472
EPSS 0% CVSS 4.3
MEDIUM This Month

SPIP versions prior to 4.4.9 contain a blind server-side request forgery vulnerability in the syndication feature that allows authenticated users to manipulate the application into making arbitrary network requests to internal or external systems. An attacker with valid credentials can exploit this by crafting malicious syndication URLs during site editing, bypassing the security filter mechanisms. No patch is currently available for this vulnerability.

SSRF Spip
NVD
CVE-2026-26338
EPSS 0% CVSS 9.8
CRITICAL Act Now

SSRF in Hyland Alfresco Transformation Service via document processing.

SSRF Alfresco Transform Core Alfresco Transform Service
NVD
CVE-2026-26337
EPSS 0% CVSS 8.2
HIGH This Week

Alfresco Transform Service contains a vulnerability that allows attackers to achieve both arbitrary file read and server-side request forgery through the abs (CVSS 8.2).

SSRF Path Traversal Alfresco Transform Core +1
NVD
CVE-2026-2274
EPSS 0%
This Week

Google AppSheet Core versions up to 2025-11 are affected by an SSRF and arbitrary file read vulnerability.

Google SSRF
NVD
CVE-2026-25738
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Indico versions before 3.3.10 allow authenticated event organizers to conduct server-side request forgery attacks by providing arbitrary URLs that the application will access, potentially exposing internal services and cloud metadata endpoints. An attacker with event organizer privileges can leverage this to retrieve sensitive data from localhost or cloud infrastructure endpoints that lack authentication controls. The vulnerability affects deployments on cloud platforms like AWS where metadata services are accessible; administrators should upgrade to version 3.3.10 to remediate.

Golang Flask SSRF +1
NVD GitHub
CVE-2025-55853
EPSS 0% CVSS 9.1
CRITICAL Act Now

SSRF in SoftVision webPDF before 10.0.2 via PDF converter function.

SSRF
NVD GitHub VulDB
CVE-2026-25428
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-Side Request Forgery in totalsoft TS Poll versions 2.5.5 and earlier enables authenticated attackers with high privileges to make arbitrary network requests from the affected server. While this MEDIUM severity vulnerability (CVSS 4.4) requires high-privilege credentials and difficult exploitation conditions, it could facilitate reconnaissance or attacks against internal resources. No patch is currently available.

SSRF
NVD
CVE-2026-25385
EPSS 0% CVSS 5.5
MEDIUM This Month

KaizenCoders URL Shortify versions up to 1.12.3 contain a server-side request forgery vulnerability that allows high-privileged attackers to make arbitrary HTTP requests from the affected server without user interaction. An authenticated attacker could exploit this flaw to access internal resources, interact with backend services, or perform reconnaissance on the internal network. No patch is currently available for this vulnerability.

SSRF
NVD
CVE-2026-25310
EPSS 0% CVSS 4.9
MEDIUM This Month

D-Link products versions 2.0.0 and earlier are vulnerable to server-side request forgery (SSRF) that allows authenticated attackers to make arbitrary HTTP requests from the affected system. This MEDIUM severity vulnerability requires valid credentials but enables attackers to bypass network controls and potentially access internal resources or services. No patch is currently available.

D-Link SSRF
NVD
CVE-2026-23803
EPSS 0% CVSS 6.4
MEDIUM This Month

Burhan Nasir Smart Auto Upload Images (smart-auto-upload-images) is affected by server-side request forgery (SSRF) (CVSS 6.4).

SSRF
NVD
CVE-2026-2711
EPSS 0% CVSS 5.6
MEDIUM This Month

Server-side request forgery (SSRF) in worldquant-miner up to version 1.0.9 allows remote attackers to manipulate the make_request parameter in the URL handler component, enabling them to forge requests to internal systems or arbitrary destinations. Public exploit code exists for this vulnerability, though exploitation requires high complexity conditions. The vendor has not yet released a patch despite early notification.

SSRF AI / ML
NVD GitHub VulDB
CVE-2025-12375
EPSS 0% CVSS 6.4
MEDIUM This Month

The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.11 via the advanced size chart REST API endpoint. This is due to insufficient validation of user-supplied URLs before passing them to the download_url() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application which can b...

WordPress SSRF PHP
NVD
CVE-2026-1999
EPSS 0% CVSS 7.1
HIGH This Week

GitHub Enterprise Server allows authenticated webhook administrators to bypass network restrictions through Server-Side Request Forgery, enabling access to internal services, job queues, and sensitive endpoints on loopback addresses. This affects all versions prior to 3.20 and requires valid credentials with webhook configuration privileges. No patch is currently available, and exploitation could lead to unauthorized data access or disruption of background job processing.

SSRF
NVD GitHub
CVE-2026-2654
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Server-side request forgery in Hugging Face smolagents 1.24.0 allows authenticated attackers to manipulate the LocalPythonExecutor's requests.get/requests.post functions, enabling remote exploitation without user interaction. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.

Python SSRF AI / ML +1
NVD GitHub VulDB
CVE-2026-1857
EPSS 0% CVSS 4.3
MEDIUM This Month

Insufficient input validation in the Gutenberg Blocks with AI by Kadence WP plugin allows authenticated contributors and above to perform server-side request forgery against GetResponse API endpoints, potentially exposing sensitive data like contacts and campaigns stored on the site. The vulnerability stems from overly permissive access controls that grant the dangerous `endpoint` parameter manipulation to users with only Contributor-level privileges instead of requiring administrator access. Attackers can also extract the site's stored GetResponse API credentials from request headers during exploitation.

WordPress SSRF AI / ML
NVD
CVE-2026-22048
EPSS 0% CVSS 7.1
HIGH This Week

Configuration deletion and resource denial in StorageGRID versions before 11.9.0.12 and 12.0.0.4 stems from an SSRF flaw in Microsoft Entra ID SSO integration, allowing authenticated attackers to manipulate backend requests. Successful exploitation enables deletion of configuration data or denial of access to storage resources despite requiring valid credentials to initiate the attack.

Azure SSRF
NVD
CVE-2025-36243
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. [CVSS 5.4 MEDIUM]

IBM SSRF Concert
NVD
CVE-2025-32355
EPSS 2% CVSS 7.9
HIGH This Week

Rocket TRUfusion Enterprise versions up to 7.10.4.0 are affected by server-side request forgery (SSRF) (CVSS 7.3).

SSRF
NVD
CVE-2026-2558
EPSS 0% CVSS 6.3
MEDIUM This Month

Server-side request forgery in GeekAI versions up to 4.2.4 allows authenticated remote attackers to manipulate the Download function's URL parameter in api/handler/net_handler.go to access internal resources or perform unauthorized actions. Public exploit code exists for this vulnerability, and the vendor has not yet responded to disclosure. A patch is not currently available.

SSRF
NVD GitHub VulDB
CVE-2026-2556
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Server-side request forgery in Cskefu up to version 8.0.1 allows authenticated remote attackers to manipulate the URL parameter in the MediaController endpoint to perform arbitrary HTTP requests from the affected server. Public exploit code exists for this vulnerability and the vendor has not provided a patch despite early notification. The attack requires valid authentication credentials but can be executed remotely with low complexity.

Java SSRF Cskefu
NVD VulDB
CVE-2026-2532
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Server-side request forgery in Deepaudit versions up to 3.0.3 allows authenticated remote attackers to manipulate the IP Address Handler component in the embedding configuration endpoint, potentially enabling them to perform arbitrary network requests from the affected server. The vulnerability requires valid credentials but no user interaction, affecting the AI/ML product's backend services. Upgrading to version 3.0.4 or later resolves this issue.

SSRF AI / ML Deepaudit
NVD GitHub VulDB
CVE-2026-2531
EPSS 0% CVSS 6.3
MEDIUM POC PATCH This Month

MindsDB versions up to 25.14.1 contain a server-side request forgery vulnerability in the file upload functionality that allows authenticated remote attackers to forge requests to internal or external systems. Public exploit code exists for this vulnerability, and affected organizations should apply patch 74d6f0fd4b630218519a700fbee1c05c7fd4b1ed or upgrade to a patched version immediately.

SSRF AI / ML Mindsdb
NVD GitHub VulDB
CVE-2026-1249
EPSS 0% CVSS 5.0
MEDIUM This Month

The MP3 Audio Player plugin for WordPress versions 5.3-5.10 contains a server-side request forgery vulnerability in the lyrics loading function that allows authenticated users with author privileges to initiate arbitrary web requests from the affected server. This capability enables attackers to interact with internal services and potentially access or modify sensitive data on systems reachable from the web application.

WordPress SSRF
NVD
CVE-2026-0745
EPSS 0% CVSS 5.5
MEDIUM This Month

User Language Switch (WordPress plugin) is affected by server-side request forgery (SSRF) (CVSS 7.2).

WordPress SSRF
NVD
CVE-2026-25991
EPSS 0% CVSS 7.7
HIGH POC PATCH This Week

Tandoor Recipes prior to 2.5.1 contains a blind server-side request forgery vulnerability in the Cookmate recipe import feature that allows authenticated users to bypass URL validation after HTTP redirects, enabling attacks against internal networks and cloud metadata services. An attacker with standard user privileges can leverage this flaw to scan internal ports, access sensitive metadata, or discover the server's real IP address. Public exploit code exists for this vulnerability.

SSRF Recipes
NVD GitHub
CVE-2026-26005
EPSS 0% CVSS 5.0
MEDIUM POC PATCH This Month

ClipBucket v5 before 5.5.3 allows authenticated users to trigger server-side request forgery (SSRF) through the Remote Play feature by specifying internal network URLs in video references, enabling attackers to scan and probe internal network infrastructure. Public exploit code exists for this vulnerability, which requires only standard user privileges to execute. The SSRF capability permits GET requests to internal servers without requiring the attacker to upload content to the platform.

SSRF Clipbucket
NVD GitHub
CVE-2026-1356
EPSS 0% CVSS 4.8
MEDIUM This Month

The Converter for Media WordPress plugin through version 6.5.1 contains a server-side request forgery vulnerability in the image loading function that allows unauthenticated attackers to make arbitrary web requests from the affected server. This could enable attackers to probe internal services and potentially read or modify sensitive data accessible from the web application. No patch is currently available.

WordPress SSRF
NVD
CVE-2026-26019
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

RecursiveUrlLoader in LangChain Community prior to 1.1.14 uses weak string-based URL validation that allows attackers to bypass the preventOutside crawling restriction by crafting domains with matching prefixes, potentially exposing the crawler to malicious or internal infrastructure endpoints. An attacker controlling a crawled webpage could inject links to cloud metadata services or private IP ranges, which the crawler would follow without validation, leading to information disclosure.

SSRF AI / ML Langchain Community
NVD GitHub
CVE-2025-12073
EPSS 0% CVSS 4.3
MEDIUM This Month

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing protections in the Git repository import functionality. [CVSS 4.3 MEDIUM]

Gitlab SSRF
NVD
CVE-2026-25870
EPSS 0% CVSS 5.8
MEDIUM This Month

DoraCMS 3.1 and earlier allows unauthenticated attackers to perform server-side request forgery through the UEditor remote image fetch feature, which fails to validate or restrict destination URLs. An attacker can exploit this to force the server to make arbitrary HTTP/HTTPS requests to internal network resources, enabling internal reconnaissance and potential denial of service attacks.

SSRF Denial Of Service
NVD GitHub
CVE-2026-26013
EPSS 0% CVSS 3.7
LOW PATCH Monitor

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.get_num_tokens_from_messages() method fetches arbitrary image_url values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Request Forgery (SSRF) attacks by providing malicious image URLs in user input. This vulnerability...

SSRF Langchain AI / ML
NVD GitHub VulDB
CVE-2026-21512
EPSS 0% CVSS 6.5
MEDIUM This Month

Authenticated users of Azure and Azure DevOps Server can exploit a server-side request forgery vulnerability to perform network-based spoofing attacks. This MEDIUM severity issue (CVSS 6.5) requires valid credentials but allows attackers to manipulate the server into making unauthorized requests, potentially compromising confidentiality. No patch is currently available.

Azure SSRF Azure Devops Server
NVD
CVE-2025-11242
EPSS 0% CVSS 9.8
CRITICAL Act Now

An SSRF vulnerability in the Teknolist Okulistik application allows server-side requests to internal resources.

SSRF
NVD
CVE-2026-25765
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Faraday HTTP client library versions before 2.14.1 fail to properly validate protocol-relative URLs when merging user-supplied paths with base URLs, allowing attackers to redirect requests to arbitrary hosts via SSRF attacks. Applications that pass untrusted input to Faraday request methods like get() or post() are vulnerable to request hijacking. A patch is available in version 2.14.1 and later.

Ruby SSRF Faraday
NVD GitHub
CVE-2026-25528
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

LangSmith Client SDKs for Python and AI/ML platforms are susceptible to server-side request forgery through malicious HTTP baggage headers that allow attackers to redirect trace data exfiltration to attacker-controlled endpoints. An unauthenticated attacker can inject arbitrary api_url values during distributed tracing operations, causing the SDK to send sensitive trace data outside the intended infrastructure. No patch is currently available for this medium-severity vulnerability.

Python SSRF AI / ML
NVD GitHub
CVE-2026-25494
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation uses filter_var(..., FILTER_VALIDATE_IP) to block a specific list of IP addresses. [CVSS 6.5 MEDIUM]

SSRF Craft Cms
NVD GitHub
CVE-2026-25493
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

SSRF bypass in Craft CMS 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21 allows unauthenticated attackers to access cloud metadata endpoints and internal IP addresses through the saveAsset GraphQL mutation by exploiting Guzzle's automatic redirect handling. The vulnerability bypasses hostname and IP blocklist protections that validate only the initial request URL, enabling attackers to reach sensitive internal resources. Public exploit code exists; patched versions 4.16.18 and 5.8.22 are available.

SSRF Craft Cms
NVD GitHub
CVE-2026-0632
EPSS 0% CVSS 5.4
MEDIUM This Month

Fluent Forms Pro Add On Pack (WordPress plugin) is affected by server-side request forgery (SSRF) (CVSS 5.4).

WordPress SSRF
NVD
CVE-2026-25904
EPSS 0% CVSS 5.8
MEDIUM This Month

Pydantic-AI's MCP Run Python tool uses an insufficiently restrictive Deno sandbox configuration that permits Python code to access the host's localhost interface, enabling Server-Side Request Forgery (SSRF) attacks. An attacker can exploit this to probe or interact with services running on the local machine that should be isolated from external access. The archived project status means no patch is expected to be released.

Python SSRF AI / ML
NVD
CVE-2026-25123
EPSS 0% CVSS 5.3
MEDIUM This Month

Homarr versions prior to 1.52.0 contain an unauthenticated SSRF vulnerability in the widget.app.ping endpoint that accepts arbitrary URLs and performs server-side requests, allowing remote attackers to scan ports and probe internal networks without authentication. The vulnerability enables attackers to infer open versus closed ports through HTTP status codes and response timing, establishing a reliable reconnaissance primitive. No patch is currently available for affected deployments.

SSRF Homarr
NVD GitHub
CVE-2026-25580
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

Pydantic AI versions 0.0.26 through 1.55.x contain a server-side request forgery vulnerability in URL download functionality that allows remote attackers to make arbitrary HTTP requests to internal network resources when applications process untrusted message history. Public exploit code exists for this vulnerability, which could enable attackers to access internal services or cloud credentials. Applications must upgrade to version 1.56.0 or later to remediate the issue.

Python SSRF AI / ML
NVD GitHub
CVE-2025-68458
EPSS 0% CVSS 3.7
LOW POC PATCH Monitor

Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts outside allowedUris by using crafted URLs that include userinfo (username:password@host). [CVSS 3.7 LOW]

SSRF
NVD GitHub
CVE-2025-68157
EPSS 0% CVSS 3.7
LOW POC PATCH Monitor

Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. [CVSS 3.7 LOW]

SSRF
NVD GitHub
CVE-2026-1294
EPSS 0% CVSS 7.2
HIGH This Week

All In One Image Viewer Block (WordPress plugin) is affected by server-side request forgery (SSRF) (CVSS 7.2).

WordPress SSRF
NVD
CVE-2025-62616
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

AutoGPT has a second SSRF vulnerability (CVSS 9.8) in a different endpoint, providing an additional path to access internal network resources.

SSRF AI / ML Autogpt Platform
NVD GitHub
CVE-2025-62615
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

AutoGPT has a Server-Side Request Forgery vulnerability (CVSS 9.8) allowing unauthenticated attackers to make the AI platform access internal network resources.

SSRF AI / ML Autogpt Platform
NVD GitHub
CVE-2026-1884
EPSS 0% CVSS 4.7
MEDIUM POC This Month

ZenTao versions up to 21.7.6-85642 contain a server-side request forgery vulnerability in the Webhook Module's fetchHook function that allows remote attackers to initiate requests from the affected server. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.

PHP SSRF Zentao
NVD GitHub VulDB
CVE-2026-25511
EPSS 0% CVSS 4.9
MEDIUM POC PATCH This Month

Server-side request forgery in Group Office's WOPI service discovery allows authenticated System Administrators to access internal hosts, ports, and files on the affected server. The vulnerability enables attackers to exfiltrate SSRF response bodies through the debug system, effectively converting a blind SSRF into a visible information disclosure attack. Public exploit code exists for this medium-severity flaw, which has been patched in versions 6.8.150, 25.0.82, and 26.0.5.

SSRF Group Office
NVD GitHub
CVE-2026-22247
EPSS 0% CVSS 4.1
MEDIUM This Month

GLPI versions 11.0.0 through 11.0.4 allow authenticated administrators to conduct Server-Side Request Forgery (SSRF) attacks via the Webhook functionality, potentially enabling reconnaissance of internal network resources. An attacker with administrative privileges could leverage this capability to probe internal services or bypass network access controls. A patch is available in version 11.0.5 and later.

SSRF Glpi
NVD GitHub
CVE-2025-46651
EPSS 0% CVSS 4.3
MEDIUM This Month

Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the URL upload feature. [CVSS 4.3 MEDIUM]

SSRF Tiny File Manager
NVD GitHub
CVE-2026-24961
EPSS 0% CVSS 5.4
MEDIUM This Month

ThemeGoods Grand Blog versions prior to 3.1.5 contain a server-side request forgery vulnerability that allows unauthenticated remote attackers to make arbitrary HTTP requests from the affected server. The vulnerability enables attackers to access internal resources or interact with backend services on behalf of the server, potentially leading to information disclosure or lateral movement within the network. No patch is currently available for this issue.

SSRF
NVD
CVE-2026-1518
EPSS 0% CVSS 2.7
LOW Monitor

A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services. [CVSS 2.7 LOW]

SSRF
NVD
CVE-2026-24902
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

TrustTunnel versions prior to 0.9.114 fail to validate private network restrictions when processing numeric IP addresses in TCP connections, enabling authenticated attackers to bypass SSRF protections and reach loopback or internal network targets. The vulnerability exists because IP-based connection requests skip the same security checks applied to hostname-based requests. Public exploit code exists; upgrade to version 0.9.114 or later to remediate.

SSRF Trusttunnel
NVD GitHub
CVE-2026-24767
EPSS 0% CVSS 4.9
MEDIUM POC PATCH This Month

NocoDB versions prior to 0.301.0 contain a blind SSRF vulnerability in the uploadViaURL feature where an unvalidated HEAD request allows authenticated attackers to probe arbitrary URLs and internal networks before SSRF protections are enforced. Public exploit code exists for this vulnerability, though it has limited impact due to the lack of response data exfiltration. Users should upgrade to version 0.301.0 or later; no patch is currently available for older versions.

SSRF Nocodb
NVD GitHub
CVE-2025-68662
EPSS 0% CVSS 7.6
HIGH This Week

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. [CVSS 7.6 HIGH]

SSRF Discourse
NVD GitHub
CVE-2020-36944
EPSS 0% CVSS 4.0
MEDIUM POC This Month

ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. [CVSS 4.0 MEDIUM]

SSRF Ilias
NVD GitHub Exploit-DB
CVE-2025-14610
EPSS 0% CVSS 7.2
HIGH This Week

The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not restricting which URLs can be fetched when importing CSV data from a URL in the Data Table widget. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations, including localhost and internal network services, and read sensitive files such as wp-config....

WordPress PHP SSRF
NVD
CVE-2026-24779
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

vLLM before version 0.14.1 contains a server-side request forgery vulnerability in the MediaConnector class where inconsistent URL parsing between libraries allows attackers to bypass host restrictions and force the server to make arbitrary requests to internal network resources. Public exploit code exists for this vulnerability, which poses significant risk in containerized environments where a compromised vLLM instance could be leveraged to access restricted internal systems. The vulnerability affects users running vLLM's multimodal features with untrusted input.

Python Industrial SSRF
NVD GitHub

Quick Facts

Typical Severity: HIGH
Category: web
Total CVEs: 912
