Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-10564

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-30 Jun, 2026 | 19:51
Updated At-01 Jul, 2026 | 14:48
Rejected At-
Credits

SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection

IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery (SSRF). The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker can exploit this to access internal resources including cloud metadata services (AWS/Azure/GCP IMDS), potentially exfiltrating IAM credentials and enumerating internal networks. The vulnerability can also be triggered through prompt injection in agentic workflows due to tool_mode=True exposure.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:30 Jun, 2026 | 19:51
Updated At:01 Jul, 2026 | 14:48
Rejected At:
▼CVE Numbering Authority (CNA)
SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection

IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery (SSRF). The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker can exploit this to access internal resources including cloud metadata services (AWS/Azure/GCP IMDS), potentially exfiltrating IAM credentials and enumerating internal networks. The vulnerability can also be triggered through prompt injection in agentic workflows due to tool_mode=True exposure.

Affected Products
Vendor
IBM CorporationIBM
Product
Langflow OSS
CPEs
  • cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:langflow_oss:1.9.6:*:*:*:*:*:*:*
Versions
Affected
  • From 1.0.0 through 1.9.6 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-918CWE-918 Server-Side Request Forgery (SSRF)
Type: CWE
CWE ID: CWE-918
Description: CWE-918 Server-Side Request Forgery (SSRF)
Metrics
VersionBase scoreBase severityVector
3.18.2HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

IBM strongly recommends addressing the vulnerability now by upgrading Langflow OSS to version 1.10.0 https://pypi.org/project/langflow/

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.ibm.com/support/pages/node/7277995
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7277995
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:30 Jun, 2026 | 20:17
Updated At:02 Jul, 2026 | 15:41

IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery (SSRF). The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker can exploit this to access internal resources including cloud metadata services (AWS/Azure/GCP IMDS), potentially exfiltrating IAM credentials and enumerating internal networks. The vulnerability can also be triggered through prompt injection in agentic workflows due to tool_mode=True exposure.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.2HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
N/A
Type: Secondary
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

langflow
langflow
>>langflow>>Versions from 1.0.0(inclusive) to 1.9.6(inclusive)
cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-918Secondarypsirt@us.ibm.com
CWE ID: CWE-918
Type: Secondary
Source: psirt@us.ibm.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.ibm.com/support/pages/node/7277995psirt@us.ibm.com
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7277995
Source: psirt@us.ibm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

109Records found

CVE-2020-4365
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.40% / 69.13%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 15:50
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-4974
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.60% / 44.29%
||
7 Day CHG~0.00%
Published-28 Jul, 2021 | 12:25
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.

Action-Not Available
Vendor-IBM Corporation
Product-rational_doors_next_generationrational_engineering_lifecycle_managerengineering_test_managementrational_quality_managerrational_team_concertrational_collaborative_lifecycle_managementengineering_workflow_managementengineering_lifecycle_optimization_-_engineering_insightsengineering_requirements_quality_assistant_on-premisesRational Quality ManagerRational DOORS Next GenerationEngineering Workflow ManagementRational Collaborative Lifecycle ManagementEngineering Lifecycle OptimizationRational Engineering Lifecycle ManagerEngineering Test ManagementRational Team Concert
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-4294
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-1.24% / 65.64%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-16 Sep, 2024 | 22:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 176404.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadarQradar
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-4529
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.3||HIGH
EPSS-0.82% / 52.77%
||
7 Day CHG~0.00%
Published-08 Jun, 2020 | 12:55
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_asset_managementMaximo Asset Management
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-4786
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.54% / 41.50%
||
7 Day CHG~0.00%
Published-27 Jan, 2021 | 16:35
Updated-16 Sep, 2024 | 23:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189221.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-4882
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.71% / 49.03%
||
7 Day CHG~0.00%
Published-22 Mar, 2021 | 17:00
Updated-16 Sep, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constucting URLs from user-controlled data . This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 190852.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analyticsPlanning Analytics
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-4632
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.92% / 56.05%
||
7 Day CHG~0.00%
Published-04 Sep, 2020 | 13:35
Updated-17 Sep, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control server requests. IBM X-Force ID: 185416.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_metadata_asset_managerInfoSphere Information Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-49336
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 11.56%
||
7 Day CHG~0.00%
Published-19 Dec, 2024 | 17:21
Updated-05 Nov, 2025 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium server-side request forgery

IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardium
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2019-4741
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.96% / 57.27%
||
7 Day CHG+0.02%
Published-12 Feb, 2020 | 16:10
Updated-17 Sep, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowscontent_navigatorlinux_kernelContent Navigator
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2019-4203
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.9||HIGH
EPSS-1.73% / 74.74%
||
7 Day CHG~0.00%
Published-15 Apr, 2019 | 14:55
Updated-17 Sep, 2024 | 02:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2019-4262
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.95% / 57.01%
||
7 Day CHG~0.00%
Published-26 Sep, 2019 | 15:05
Updated-16 Sep, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the QRadar system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 160014.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-29260
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 21.56%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 01:17
Updated-28 Oct, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Connect:Express for UNIX server-side request forgery

IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-sterling_connect\solarislinux_kernelwindowsaixSterling Connect:Express for UNIXsterling_connect\
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-30444
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.40% / 32.37%
||
7 Day CHG~0.00%
Published-27 Apr, 2023 | 12:52
Updated-30 Jan, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Watson Machine Learning on Cloud Pak for Data server-side request forgery

IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350.

Action-Not Available
Vendor-IBM Corporation
Product-watson_machine_learning_on_cloud_pak_for_dataWatson Machine Learning on Cloud Pak for Data
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2018-1789
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-1.23% / 65.30%
||
7 Day CHG~0.00%
Published-07 Sep, 2018 | 16:00
Updated-17 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-1142
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 5.90%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 14:44
Updated-03 Sep, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Edge Application Manager server-side request forgery

IBM Edge Application Manager 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Action-Not Available
Vendor-IBM Corporation
Product-edge_application_managerEdge Application Manager
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-39057
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.49% / 38.31%
||
7 Day CHG~0.00%
Published-13 Dec, 2021 | 18:35
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelspectrum_protect_plusSpectrum Protect Plus
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-29749
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.83% / 53.17%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 16:00
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201777.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_secure_proxysecure_external_authentication_serverSecure External Authentication ServerSecure Proxy
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-20343
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.50% / 39.36%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 20:40
Updated-16 Sep, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194593.

Action-Not Available
Vendor-IBM Corporation
Product-rational_doors_next_generationrational_engineering_lifecycle_managerengineering_test_managementrational_quality_managerengineering_lifecycle_optimization_-_publishingremovable_media_managerengineering_lifecycle_optimization_-_engineering_insightscollaborative_lifecycle_managementengineering_lifecycle_managementRational Quality ManagerRational DOORS Next GenerationRational Rhapsody Model ManagerRational Collaborative Lifecycle ManagementEngineering Lifecycle OptimizationRational Engineering Lifecycle ManagerEngineering Test Management
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-5014
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.87% / 54.31%
||
7 Day CHG~0.00%
Published-08 Mar, 2021 | 18:00
Updated-16 Sep, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. IBM X-Force ID: 193247.

Action-Not Available
Vendor-IBM Corporation
Product-datapower_gatewayDataPower Gateway
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-4787
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.29% / 20.79%
||
7 Day CHG~0.00%
Published-27 Jan, 2021 | 16:35
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-31897
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 21.42%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 02:01
Updated-02 Aug, 2024 | 01:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cloud Pak for Business Automation server-side request forgery

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 288178.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_business_automationCloud Pak for Business Automation
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-31776
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 35.57%
||
7 Day CHG~0.00%
Published-31 Jul, 2022 | 16:07
Updated-17 Sep, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 228433.

Action-Not Available
Vendor-IBM Corporation
Product-datapower_gatewayDataPower Gateway
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-29738
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.47% / 37.08%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 16:00
Updated-16 Sep, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201302.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-20345
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.50% / 39.36%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 20:40
Updated-16 Sep, 2024 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194594.

Action-Not Available
Vendor-IBM Corporation
Product-rational_doors_next_generationrational_engineering_lifecycle_managerengineering_test_managementrational_quality_managerengineering_lifecycle_optimization_-_publishingremovable_media_managerengineering_lifecycle_optimization_-_engineering_insightscollaborative_lifecycle_managementengineering_lifecycle_managementRational Quality ManagerRational DOORS Next GenerationRational Rhapsody Model ManagerRational Collaborative Lifecycle ManagementEngineering Lifecycle OptimizationRational Engineering Lifecycle ManagerEngineering Test Management
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-22329
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 21.90%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 01:21
Updated-23 Oct, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server server-side request forgery

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID: 279951.

Action-Not Available
Vendor-IBM Corporation
Product-WebSphere Application Server LibertyWebSphere Application Serverwebsphere_application_server_libertywebsphere_application_server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-50952
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 14.35%
||
7 Day CHG~0.00%
Published-30 Jun, 2024 | 18:06
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server server-side request forgery

IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 275774.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-35896
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.29% / 20.72%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 02:14
Updated-04 Sep, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Content Navigator server-side request forgery

IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowslinux_kernelcontent_navigatorContent Navigator
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-50168
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.19% / 9.22%
||
7 Day CHG-0.09%
Published-22 Jun, 2026 | 15:39
Updated-30 Jun, 2026 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Angular: URL Parser Differential in @angular/platform-server leading to SSRF Allowlist Bypass

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/platform-server package allows remote attackers to bypass host allowlist constraints and direct server-side outgoing requests to arbitrary external endpoints. This occurs due to a parser differential between the strict WHATWG URL parser used for allowlist validation and the lenient Domino URL parser used to initialize the server emulated DOM. When a server-side request contains a malformed URL with a double port structure (e.g., http://evil.com:80:80/path), Node's strict URL.canParse(url) logic returns false and skips host check validation entirely. However, the same malformed URL is later accepted and parsed leniently by Domino's internal parser, which resolves the origin to http://evil.com:80. The Angular SSR HTTP request interceptor (relativeUrlsTransformerInterceptorFn) then resolves all relative backend HTTP requests against this adopted origin, executing the SSRF attack. This vulnerability is fixed in 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23.

Action-Not Available
Vendor-angularAngularJS
Product-angularjsangular
CWE ID-CWE-346
Origin Validation Error
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-9312
Matching Score-4
Assigner-GitHub, Inc. (Products Only)
ShareView Details
Matching Score-4
Assigner-GitHub, Inc. (Products Only)
CVSS Score-9.2||CRITICAL
EPSS-6.55% / 92.98%
||
7 Day CHG-0.05%
Published-27 May, 2026 | 00:02
Updated-30 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery vulnerability in GitHub Enterprise Server allowed access to internal services via path traversal in upload endpoint

A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests to internal services by exploiting insufficient input validation in an upload endpoint. By injecting path traversal content into request parameters, an attacker could bypass the intended request flow and redirect internal API calls, potentially accessing internal services and exposing sensitive credentials. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was fixed in versions 3.17.17, 3.18.11, 3.19.8, 3.20.4, and 3.21.2. This vulnerability was reported via the GitHub Bug Bounty program.

Action-Not Available
Vendor-GitHub, Inc.
Product-enterprise_serverEnterprise Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-44971
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.20% / 9.75%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 14:43
Updated-01 Jun, 2026 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GuardDog: Blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltration

GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an attacker who can influence the scanned repository URL to trigger SSRF and capture the GH_TOKEN used by GuardDog. This vulnerability is fixed in .

Action-Not Available
Vendor-DataDog
Product-guarddog
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-43526
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.3||HIGH
EPSS-0.25% / 16.34%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 11:24
Updated-07 May, 2026 | 01:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL Handling

OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded through the channel.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-3192
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-8.8||HIGH
EPSS-0.30% / 21.91%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 05:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) in the setUrl() function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories.

Action-Not Available
Vendor-n/a
Product-spatie/browsershot
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-42353
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.39% / 30.62%
||
7 Day CHG~0.00%
Published-08 May, 2026 | 15:29
Updated-12 May, 2026 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path traversal / SSRF in i18next-http-middleware via user-controlled language and namespace parameters

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly into i18next.services.backendConnector.load(languages, namespaces, …) without any sanitization. Depending on which backend is configured, the unvalidated path segments enable either path traversal or SSRF. This issue has been patched in version 3.9.3.

Action-Not Available
Vendor-i18next
Product-i18next-http-middleware
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-48764
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.27% / 18.92%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 23:29
Updated-22 Jun, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TypeBot has SSRF in HTTP request and script fetch flows via DNS rebinding bypass

TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range allowing for DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard. The validator resolves the hostname and approves it, but the later request path performs a fresh resolution and connects to whatever IP the hostname maps to at that moment. The actual outbound request is then performed later using the original hostname, without pinning the validated IP to the network connection. An attacker who can supply a URL to a public bot that performs a server-side HTTP Request block or server-side script fetch can use DNS rebinding to pass the initial validation and still force the server to connect to a private or metadata address during the real request. This enables server-side access to private network services, cloud metadata endpoints, and other internal HTTP targets that the validator was intended to block. The exact downstream impact depends on the reachable internal services. Concrete consequences include metadata disclosure, access to internal admin panels, credential theft from metadata services, and further compromise through internal-only HTTP interfaces. This issue has been fixed in version 3.17.2.

Action-Not Available
Vendor-baptisteArno
Product-typebot.io
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-2691
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-8.8||HIGH
EPSS-0.36% / 28.46%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 14:21
Updated-26 Mar, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions of the package nossrf before 1.0.4 are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism.

Action-Not Available
Vendor-nossrf_projectn/a
Product-nossrfnossrf
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-42591
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.24% / 15.55%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 15:20
Updated-18 May, 2026 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gotenberg: Server-Side Request Forgery (SSRF) in github.com/gotenberg/gotenberg/v8

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint (/forms/libreoffice/convert) passes uploaded documents directly to LibreOffice without inspecting their content. LibreOffice then fetches any embedded external URLs on its own, completely bypassing the SSRF filters. This vulnerability is fixed in 8.32.0.

Action-Not Available
Vendor-thecodingmachinegotenberg
Product-gotenberggotenberg
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-42260
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.21% / 11.89%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 14:09
Updated-14 May, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open-WebSearch: SSRF in `fetchWebContent` MCP tool: bracketed IPv6 literals and non-resolving hostname check bypass `isPrivateOrLocalHostname`

Open-WebSearch is a multi-engine MCP server, CLI, and local daemon for agent web search and content retrieval. Prior to 2.1.7, isPublicHttpUrl / assertPublicHttpUrl in src/utils/urlSafety.ts do not recognize bracketed IPv6 literals and do not resolve DNS, which combine to allow non-blind SSRF with the response body returned to the caller. This vulnerability is fixed in 2.1.7.

Action-Not Available
Vendor-Aas-ee
Product-open-webSearch
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-33502
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.44% / 35.46%
||
7 Day CHG~0.00%
Published-23 Mar, 2026 | 16:29
Updated-24 Mar, 2026 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AVideo has Unauthenticated SSRF via plugin/Live/test.php

WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated server-side request forgery vulnerability in `plugin/Live/test.php` allows any remote user to make the AVideo server send HTTP requests to arbitrary URLs. This can be used to probe localhost/internal services and, when reachable, access internal HTTP resources or cloud metadata endpoints. Commit 1e6cf03e93b5a5318204b010ea28440b0d9a5ab3 contains a patch.

Action-Not Available
Vendor-wwbnWWBN
Product-avideoAVideo
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-28416
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.32% / 23.36%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 21:47
Updated-05 Mar, 2026 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses `gr.load()` to load an attacker-controlled Space, the malicious `proxy_url` from the config is trusted and added to the allowlist, enabling the attacker to access internal services, cloud metadata endpoints, and private networks through the victim's infrastructure. Version 6.6.0 fixes the issue.

Action-Not Available
Vendor-gradio_projectgradio-app
Product-gradiogradio
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-6424
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.3||CRITICAL
EPSS-0.49% / 38.78%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 12:54
Updated-22 Oct, 2025 | 20:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery vulnerability in MESbook

External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint "/api/Proxy/Post?userName=&password=&uri=<FILE|INTERNAL URL|IP/HOST" or "/api/Proxy/Get?userName=&password=&uri=<ARCHIVO|URL INTERNA|IP/HOST" to read the source code of web files, read internal files or access network resources.

Action-Not Available
Vendor-mesbookMESbook
Product-mesbookMESbook
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-46784
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.2||HIGH
EPSS-0.50% / 39.09%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:34
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ICS Calendar plugin <= 10.12.0.3 - SSRF and Arbitrary File Read vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS Calendar: from n/a through 10.12.0.3.

Action-Not Available
Vendor-Room 34 Creative Services, LLCroom_34_creative_services
Product-ICS Calendarics_calendar
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-47049
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.64% / 46.00%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 00:00
Updated-18 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files.

Action-Not Available
Vendor-czimn/a
Product-file-handlingn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-7740
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-8.2||HIGH
EPSS-2.04% / 78.82%
||
7 Day CHG~0.00%
Published-06 Oct, 2020 | 16:40
Updated-17 Sep, 2024 | 03:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-side Request Forgery (SSRF)

This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack.

Action-Not Available
Vendor-node-pdf-generator_projectn/a
Product-node-pdf-generatornode-pdf-generator
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CWE ID-CWE-20
Improper Input Validation
CVE-2020-11987
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.2||HIGH
EPSS-13.63% / 96.02%
||
7 Day CHG~0.00%
Published-24 Feb, 2021 | 00:00
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

Action-Not Available
Vendor-n/aFedora ProjectThe Apache Software FoundationOracle CorporationDebian GNU/Linux
Product-fusion_middleware_mapviewerbanking_apisinsurance_policy_administrationflexcube_universal_bankinginstantis_enterprisetrackretail_back_officeretail_point-of-serviceretail_central_officecommunications_offline_mediation_controllerretail_order_brokerretail_order_management_system_cloud_serviceagile_engineering_data_managementcommunications_application_session_controllerdebian_linuxbanking_digital_experiencebatikcommunications_metasolv_solutionproduct_lifecycle_analyticsfedoraenterprise_repositoryweblogic_serverretail_returns_managementApache Batik
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-11988
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.2||HIGH
EPSS-6.65% / 93.06%
||
7 Day CHG~0.00%
Published-24 Feb, 2021 | 17:05
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.

Action-Not Available
Vendor-n/aThe Apache Software FoundationFedora Project
Product-xmlgraphics_commonsfedoraApache XmlGraphics Commons
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CWE ID-CWE-20
Improper Input Validation
CVE-2026-43929
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.23% / 13.30%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 17:49
Updated-13 May, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ssrfcheck: Server-Side Request Forgery (SSRF) and Incomplete List of Disallowed Inputs

ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address (e.g. http://[::ffff:127.0.0.1]/). The WHATWG URL parser built into Node.js silently normalizes the IPv4 notation inside the brackets to compressed hex form ([::ffff:7f00:1]) before the library's private-IP regex ever runs. The regex was written to match dot-notation only and therefore never matches any real input — all seven IANA private IPv4 ranges, including the AWS/GCP/Azure metadata address 169.254.169.254, are bypassed. Any application using isSSRFSafeURL() to guard HTTP requests made with user-supplied URLs is fully exposed to SSRF.

Action-Not Available
Vendor-felippe-regazio
Product-ssrfcheck
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-8267
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-8.8||HIGH
EPSS-0.46% / 36.33%
||
7 Day CHG+0.02%
Published-28 Jul, 2025 | 05:00
Updated-07 Aug, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 (Multicast) as invalid. This oversight allows attackers to craft requests targeting these multicast addresses.

Action-Not Available
Vendor-felipperegazion/a
Product-ssrf_checkssrfcheck
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-8020
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-8.8||HIGH
EPSS-0.31% / 22.61%
||
7 Day CHG~0.00%
Published-23 Jul, 2025 | 05:00
Updated-23 Jul, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname that resolves to a multicast IP address (224.0.0.0/4) which is not included as part of the private IP ranges in the package's source code.

Action-Not Available
Vendor-n/a
Product-private-ip
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-40700
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.2||HIGH
EPSS-1.00% / 58.49%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 14:30
Updated-28 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins

Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet – A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP – Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply – Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder – Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.

Action-Not Available
Vendor-arcstoneagence-presswpopalmillioncluesunihostpaulclarksquidesmadeanolongwatchstudiomontoniodesignmodofrumphSquidesmaTeam Agence-PressArun Basil LalUnihostdeano1987MontonioAMO for WP – Membership ManagementPaul ClarkDesignmodo Inc.Philip M. Hofer (Frumph)Long Watch StudioWpopal
Product-css_adderwpopal_core_featuresstylesmontonio_for_woocommercephpfreechatwoovipcustom_login_admin_front-end_csswoovirtualwalletamo_for_wp_-_membership_managementqardstheme_minifierwoosupplyamp_toolboxadmin_css_muconfirm_dataWooVIP – Membership plugin for WordPress and WooCommerceWordPress Page Builder – QardsMontonio for WooCommerceWooSupply – Suppliers, Supply Orders and Stock ManagementAdmin CSS MUArcStoneWpopal Core FeaturesCustom Login Admin Front-end CSSAMP ToolboxCSS Adder By Agence-PressStylesPHPFreeChatWooVirtualWallet – A virtual wallet for WooCommerceConfirm DataTheme Minifier
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-68696
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.26% / 17.32%
||
7 Day CHG~0.00%
Published-23 Dec, 2025 | 22:59
Updated-07 Jan, 2026 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.

Action-Not Available
Vendor-jnunemakerjnunemaker
Product-httpartyhttparty
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found