CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4638 vulnerabilities reference this CWE, most recent first.
CVE-2026-28467 (GCVE-0-2026-28467)
Vulnerability from cvelistv5 – Published: 2026-03-05 21:59 – Updated: 2026-03-09 17:55- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/openclaw/openclaw/security/adv… | vendor-advisory |
| https://github.com/openclaw/openclaw/commit/81c68… | patch |
| https://github.com/openclaw/openclaw/commit/9bd64… | patch |
| https://www.vulncheck.com/advisories/openclaw-ssr… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28467",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T17:54:10.336610Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T17:55:53.923Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Petr Simecek (@simecek)"
},
{
"lang": "en",
"type": "analyst",
"value": "Stanislav Fort, Aisle Research, www.aisle.com"
}
],
"datePublic": "2026-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTP(S) URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can trigger SSRF to internal resources and exfiltrate fetched response bytes as outbound attachments.\u003c/p\u003e"
}
],
"value": "OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTP(S) URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can trigger SSRF to internal resources and exfiltrate fetched response bytes as outbound attachments."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T16:36:36.095Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-wfp2-v9c7-fh79)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wfp2-v9c7-fh79"
},
{
"name": "Patch Commit #1",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/81c68f582d4a9a20d9cca9f367d2da9edc5a65ae"
},
{
"name": "Patch Commit #2",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/9bd64c8a1f91dda602afc1d5246a2ff2be164647"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.2.2 - SSRF via Attachment Media URL Hydration",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-ssrf-via-attachment-media-url-hydration"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenClaw \u003c 2026.2.2 - SSRF via Attachment Media URL Hydration",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-28467",
"datePublished": "2026-03-05T21:59:43.489Z",
"dateReserved": "2026-02-27T19:18:57.083Z",
"dateUpdated": "2026-03-09T17:55:53.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28423 (GCVE-0-2026-28423)
Vulnerability from cvelistv5 – Published: 2026-02-27 22:11 – Updated: 2026-03-02 21:48- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/statamic/cms/security/advisori… | x_refsource_CONFIRM |
| https://github.com/statamic/cms/releases/tag/v5.73.11 | x_refsource_MISC |
| https://github.com/statamic/cms/releases/tag/v6.4.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28423",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T21:48:27.523038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T21:48:43.597Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cms",
"vendor": "statamic",
"versions": [
{
"status": "affected",
"version": "\u003c 5.73.11"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, when Glide image manipulation is used in insecure mode (which is not the default), the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary URLs\u2014either via the URL directly or via the watermark feature. That can allow access to internal services, cloud metadata endpoints, and other hosts reachable from the server. This has been fixed in 5.73.11 and 6.4.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T22:11:55.802Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/statamic/cms/security/advisories/GHSA-cwpp-325q-2cvp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/statamic/cms/security/advisories/GHSA-cwpp-325q-2cvp"
},
{
"name": "https://github.com/statamic/cms/releases/tag/v5.73.11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/statamic/cms/releases/tag/v5.73.11"
},
{
"name": "https://github.com/statamic/cms/releases/tag/v6.4.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/statamic/cms/releases/tag/v6.4.0"
}
],
"source": {
"advisory": "GHSA-cwpp-325q-2cvp",
"discovery": "UNKNOWN"
},
"title": "Statamic Vulnerable to Server-Side Request Forgery via Glide"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28423",
"datePublished": "2026-02-27T22:11:55.802Z",
"dateReserved": "2026-02-27T15:54:05.136Z",
"dateUpdated": "2026-03-02T21:48:43.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28416 (GCVE-0-2026-28416)
Vulnerability from cvelistv5 – Published: 2026-02-27 21:47 – Updated: 2026-03-02 21:59- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/gradio-app/gradio/security/adv… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| gradio-app | gradio |
Affected:
< 6.6.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28416",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T21:59:31.348228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T21:59:40.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gradio",
"vendor": "gradio-app",
"versions": [
{
"status": "affected",
"version": "\u003c 6.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim\u0027s server by hosting a malicious Gradio Space. When a victim application uses `gr.load()` to load an attacker-controlled Space, the malicious `proxy_url` from the config is trusted and added to the allowlist, enabling the attacker to access internal services, cloud metadata endpoints, and private networks through the victim\u0027s infrastructure. Version 6.6.0 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T21:47:04.975Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gradio-app/gradio/security/advisories/GHSA-jmh7-g254-2cq9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-jmh7-g254-2cq9"
}
],
"source": {
"advisory": "GHSA-jmh7-g254-2cq9",
"discovery": "UNKNOWN"
},
"title": "Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28416",
"datePublished": "2026-02-27T21:47:04.975Z",
"dateReserved": "2026-02-27T15:33:57.289Z",
"dateUpdated": "2026-03-02T21:59:40.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28385 (GCVE-0-2026-28385)
Vulnerability from cvelistv5 – Published: 2026-06-26 16:23 – Updated: 2026-06-26 17:13- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/canonical/lxd/security/advisor… | vdb-entryvendor-advisory |
| https://github.com/canonical/lxd/pull/18462 | patchissue-tracking |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T17:13:30.913771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T17:13:58.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/canonical",
"defaultStatus": "unaffected",
"packageName": "lxd",
"platforms": [
"Linux"
],
"product": "lxd",
"programFiles": [
"permissions.go"
],
"repo": "https://github.com/canonical/lxd",
"vendor": "Canonical",
"versions": [
{
"lessThan": "6.10",
"status": "affected",
"version": "6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Babajide Emmanuel Fakile"
}
],
"descriptions": [
{
"lang": "en",
"value": "In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticated users with the can_create_images entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a URL source, the LXD daemon fails to validate or restrict outbound destination IP addresses, allowing connections to loopback, RFC1918 private ranges, and cloud metadata endpoints. This enables error-based port scanning and unauthorized interaction with internal HTTP services from the daemon\u0027s network position."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664: Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T16:23:56.456Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "SSRF via image import from URL allows internal network probing by authenticated users",
"tags": [
"vdb-entry",
"vendor-advisory"
],
"url": "https://github.com/canonical/lxd/security/advisories/GHSA-3gq2-x4qg-p4g6"
},
{
"name": "doc: update guide to hardening security for LXD",
"tags": [
"patch",
"issue-tracking"
],
"url": "https://github.com/canonical/lxd/pull/18462"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SSRF via image import from URL allows internal network probing by authenticated users"
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2026-28385",
"datePublished": "2026-06-26T16:23:56.456Z",
"dateReserved": "2026-02-27T11:06:14.064Z",
"dateUpdated": "2026-06-26T17:13:58.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28295 (GCVE-0-2026-28295)
Vulnerability from cvelistv5 – Published: 2026-02-26 15:33 – Updated: 2026-02-26 18:07- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-28295 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2443004 | issue-trackingx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28295",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T18:07:04.296631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:07:15.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "gvfs",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"packageName": "gvfs",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "gvfs",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "gvfs",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "gvfs",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Codean Labs for reporting this issue."
}
],
"datePublic": "2026-02-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the malicious server to probe for open ports accessible from the client\u0027s network."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:33:23.865Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-28295"
},
{
"name": "RHBZ#2443004",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443004"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-26T13:34:03.968Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-02-26T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Gvfs: gvfs ftp backend: information disclosure via untrusted pasv responses",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, users should avoid connecting to untrusted or unknown FTP servers when using applications that rely on the GVfs FTP backend. This vulnerability requires the client to interact with a malicious FTP server for exploitation."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-918: Server-Side Request Forgery (SSRF)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-28295",
"datePublished": "2026-02-26T15:33:23.865Z",
"dateReserved": "2026-02-26T13:34:41.531Z",
"dateUpdated": "2026-02-26T18:07:15.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28271 (GCVE-0-2026-28271)
Vulnerability from cvelistv5 – Published: 2026-02-27 20:21 – Updated: 2026-03-03 20:27| URL | Tags |
|---|---|
| https://github.com/kiteworks/security-advisories/… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| kiteworks | security-advisories |
Affected:
< 9.2.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28271",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-03T20:27:32.310501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T20:27:38.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "kiteworks",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access internal services that should be restricted. Version 9.2.0 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-350",
"description": "CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T20:21:29.444Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-rmfx-6h9w-fq87",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-rmfx-6h9w-fq87"
}
],
"source": {
"advisory": "GHSA-rmfx-6h9w-fq87",
"discovery": "UNKNOWN"
},
"title": "Kiteworks Core is vulnerable to Server-Side Request Forgery (SSRF)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28271",
"datePublished": "2026-02-27T20:21:12.194Z",
"dateReserved": "2026-02-26T01:52:58.733Z",
"dateUpdated": "2026-03-03T20:27:38.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28036 (GCVE-0-2026-28036)
Vulnerability from cvelistv5 – Published: 2026-03-05 05:54 – Updated: 2026-04-28 17:32- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Theme/r… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| SkatDesign | Ratatouille |
Affected:
0 , ≤ 1.2.6
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28036",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T20:51:25.994988Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T17:32:18.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "ratatouille",
"product": "Ratatouille",
"vendor": "SkatDesign",
"versions": [
{
"lessThanOrEqual": "1.2.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:05:40.363Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) vulnerability in SkatDesign Ratatouille ratatouille allows Server Side Request Forgery.\u003cp\u003eThis issue affects Ratatouille: from n/a through \u003c= 1.2.6.\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) vulnerability in SkatDesign Ratatouille ratatouille allows Server Side Request Forgery.This issue affects Ratatouille: from n/a through \u003c= 1.2.6."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:15:04.802Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Theme/ratatouille/vulnerability/wordpress-ratatouille-theme-1-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"title": "WordPress Ratatouille theme \u003c= 1.2.6 - Server Side Request Forgery (SSRF) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-28036",
"datePublished": "2026-03-05T05:54:14.141Z",
"dateReserved": "2026-02-25T12:13:25.489Z",
"dateUpdated": "2026-04-28T17:32:18.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27945 (GCVE-0-2026-27945)
Vulnerability from cvelistv5 – Published: 2026-02-26 00:29 – Updated: 2026-02-26 16:51- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/zitadel/zitadel/security/advis… | x_refsource_CONFIRM |
| https://github.com/zitadel/zitadel/releases/tag/v3.4.7 | x_refsource_MISC |
| https://github.com/zitadel/zitadel/releases/tag/v4.11.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T16:50:58.527791Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:51:23.606Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zitadel",
"vendor": "zitadel",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.59.0, \u003c 4.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZITADEL is an open source identity management platform. Zitadel Action V2 (introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0) is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. Zitadel\u0027s Action target URLs can point to local hosts, potentially allowing adversaries to gather internal network information and connect to internal services. When the URL points to a local host / IP address, an adversary might gather information about the internal network structure, the services exposed on internal hosts etc. This is sometimes called a Server-Side Request Forgery (SSRF). Zitadel Actions expect responses according to specific schemas, which reduces the threat vector. The patch in version 4.11.1 resolves the issue by checking the target URL against a denylist. By default localhost, resp. loopback IPs are denied. Note that this fix was only released on v4.x. Due to the stage (preview / beta) in which the functionality was in v2.x and v3.x, the changes that have been applied to it since then and the severity, respectively the actual thread vector, a backport to the corresponding versions was not feasible. Please check the workaround section for alternative solutions if an upgrade to v4.x is not possible. If an upgrade is not possible, prevent actions from using unintended endpoints by setting network policies or firewall rules in one\u0027s own infrastructure. Note that this is outside of the functionality provided by Zitadel."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T00:33:02.177Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/zitadel/zitadel/security/advisories/GHSA-7777-fhq9-592v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-7777-fhq9-592v"
},
{
"name": "https://github.com/zitadel/zitadel/releases/tag/v3.4.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zitadel/zitadel/releases/tag/v3.4.7"
},
{
"name": "https://github.com/zitadel/zitadel/releases/tag/v4.11.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zitadel/zitadel/releases/tag/v4.11.0"
}
],
"source": {
"advisory": "GHSA-7777-fhq9-592v",
"discovery": "UNKNOWN"
},
"title": "ZITADEL has potential SSRF via Actions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27945",
"datePublished": "2026-02-26T00:29:58.157Z",
"dateReserved": "2026-02-25T03:11:36.690Z",
"dateUpdated": "2026-02-26T16:51:23.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27829 (GCVE-0-2026-27829)
Vulnerability from cvelistv5 – Published: 2026-02-26 00:36 – Updated: 2026-02-26 16:21- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/withastro/astro/security/advis… | x_refsource_CONFIRM |
| https://github.com/withastro/astro/commit/e01e98b… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27829",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T16:21:28.348418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:21:44.676Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "astro",
"vendor": "withastro",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro\u0027s image pipeline allows bypassing `image.domains` / `image.remotePatterns` restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an `inferSize` option that fetches remote images at render time to determine their dimensions. Remote image fetches are intended to be restricted to domains the site developer has manually authorized (using the `image.domains` or `image.remotePatterns` options). However, when `inferSize` is used, no domain validation is performed \u2014 the image is fetched from any host regardless of the configured restrictions. An attacker who can influence the image URL (e.g., via CMS content or user-supplied data) can cause the server to fetch from arbitrary hosts. This allows bypassing `image.domains` / `image.remotePatterns` restrictions to make server-side requests to unauthorized hosts. This includes the risk of server-side request forgery (SSRF) against internal network services and cloud metadata endpoints. Version 9.5.4 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T00:36:40.497Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/withastro/astro/security/advisories/GHSA-cj9f-h6r6-4cx2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/withastro/astro/security/advisories/GHSA-cj9f-h6r6-4cx2"
},
{
"name": "https://github.com/withastro/astro/commit/e01e98b063e90d274c42130ec2a60cc0966622c9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/withastro/astro/commit/e01e98b063e90d274c42130ec2a60cc0966622c9"
}
],
"source": {
"advisory": "GHSA-cj9f-h6r6-4cx2",
"discovery": "UNKNOWN"
},
"title": "Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27829",
"datePublished": "2026-02-26T00:36:40.497Z",
"dateReserved": "2026-02-24T02:32:39.800Z",
"dateUpdated": "2026-02-26T16:21:44.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27826 (GCVE-0-2026-27826)
Vulnerability from cvelistv5 – Published: 2026-03-10 18:46 – Updated: 2026-03-10 19:15- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/sooperset/mcp-atlassian/securi… | x_refsource_CONFIRM |
| https://github.com/sooperset/mcp-atlassian/commit… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| sooperset | mcp-atlassian |
Affected:
< 0.17.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27826",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T19:15:04.483548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T19:15:10.505Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mcp-atlassian",
"vendor": "sooperset",
"versions": [
{
"status": "affected",
"version": "\u003c 0.17.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL by supplying two custom HTTP headers without an `Authorization` header. No authentication is required. The vulnerability exists in the HTTP middleware and dependency injection layer \u2014 not in any MCP tool handler - making it invisible to tool-level code analysis. In cloud deployments, this could enable theft of IAM role credentials via the instance metadata endpoint (`169[.]254[.]169[.]254`). In any HTTP deployment it enables internal network reconnaissance and injection of attacker-controlled content into LLM tool results. Version 0.17.0 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T18:46:12.069Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sooperset/mcp-atlassian/security/advisories/GHSA-7r34-79r5-rcc9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sooperset/mcp-atlassian/security/advisories/GHSA-7r34-79r5-rcc9"
},
{
"name": "https://github.com/sooperset/mcp-atlassian/commit/5cd697dfce9116ef330b8dc7a91291640e0528d9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sooperset/mcp-atlassian/commit/5cd697dfce9116ef330b8dc7a91291640e0528d9"
}
],
"source": {
"advisory": "GHSA-7r34-79r5-rcc9",
"discovery": "UNKNOWN"
},
"title": "MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27826",
"datePublished": "2026-03-10T18:46:12.069Z",
"dateReserved": "2026-02-24T02:32:39.799Z",
"dateUpdated": "2026-03-10T19:15:10.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.