Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-54401

Summary
Assigner-hackerone
Assigner Org ID-36234546-b8fa-4601-9d6f-f4e334aa8ea1
Published At-02 Jul, 2026 | 14:49
Updated At-02 Jul, 2026 | 15:51
Rejected At-
Credits

A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges within such UniFi OS devices or instances.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hackerone
Assigner Org ID:36234546-b8fa-4601-9d6f-f4e334aa8ea1
Published At:02 Jul, 2026 | 14:49
Updated At:02 Jul, 2026 | 15:51
Rejected At:
â–¼CVE Numbering Authority (CNA)

A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges within such UniFi OS devices or instances.

Affected Products
Vendor
Ubiquiti Inc.Ubiquiti Inc
Product
UniFi OS Server
Default Status
unaffected
Versions
Affected
  • From 0 before 5.1.19 (semver)
Vendor
Ubiquiti Inc.Ubiquiti Inc
Product
Dream Machines
Default Status
unaffected
Versions
Affected
  • From 0 before 5.1.19 (semver)
Vendor
Ubiquiti Inc.Ubiquiti Inc
Product
Enterprise Fortress Gateway
Default Status
unaffected
Versions
Affected
  • From 0 before 5.1.19 (semver)
Vendor
Ubiquiti Inc.Ubiquiti Inc
Product
Dream Wall
Default Status
unaffected
Versions
Affected
  • From 0 before 5.1.19 (semver)
Vendor
Ubiquiti Inc.Ubiquiti Inc
Product
Dream Routers
Default Status
unaffected
Versions
Affected
  • From 0 before 5.1.19 (semver)
Vendor
Ubiquiti Inc.Ubiquiti Inc
Product
Express 7
Default Status
unaffected
Versions
Affected
  • From 0 before 5.1.19 (semver)
Vendor
Ubiquiti Inc.Ubiquiti Inc
Product
Cloud Keys
Default Status
unaffected
Versions
Affected
  • From 0 before 5.1.19 (semver)
Vendor
Ubiquiti Inc.Ubiquiti Inc
Product
Network Video Recorders
Default Status
unaffected
Versions
Affected
  • From 0 before 5.1.19 (semver)
Vendor
Ubiquiti Inc.Ubiquiti Inc
Product
Enterprise Video Recorders
Default Status
unaffected
Versions
Affected
  • From 0 before 5.1.19 (semver)
Vendor
Ubiquiti Inc.Ubiquiti Inc
Product
Cloud Gateways
Default Status
unaffected
Versions
Affected
  • From 0 before 5.1.19 (semver)
Vendor
Ubiquiti Inc.Ubiquiti Inc
Product
Network Attached Storage
Default Status
unaffected
Versions
Affected
  • From 0 before 5.1.19 (semver)
Vendor
Ubiquiti Inc.Ubiquiti Inc
Product
Enterprise Firewall Core
Default Status
unaffected
Versions
Affected
  • From 0 before 5.1.19 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-918CWE-918 Server-Side Request Forgery (SSRF)
Type: CWE
CWE ID: CWE-918
Description: CWE-918 Server-Side Request Forgery (SSRF)
Metrics
VersionBase scoreBase severityVector
3.17.7HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc
N/A
Hyperlink: https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:support@hackerone.com
Published At:02 Jul, 2026 | 15:17
Updated At:02 Jul, 2026 | 16:54

A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges within such UniFi OS devices or instances.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.7HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
N/A
Type: Secondary
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-918Secondarysupport@hackerone.com
CWE ID: CWE-918
Type: Secondary
Source: support@hackerone.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afcsupport@hackerone.com
N/A
Hyperlink: https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc
Source: support@hackerone.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

88Records found

CVE-2026-34911
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-7.7||HIGH
EPSS-0.68% / 47.90%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 00:43
Updated-24 Jun, 2026 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.

Action-Not Available
Vendor-Ubiquiti Inc.
Product-unifi_network_video_recorder_instant_firmwareunifi_cloud_gateway_fiberunifi_dream_machine_pro_firmwareenterprise_network_video_recorder_firmwareunifi_dream_machine_firmwareunifi_cloud_key_plus_firmwareunifi_cloudkey_firmwareunifi_network_video_recorder_g2_prounifi_express_7unifi_dream_machine_beast_firmwareunas_4_firmwareenterprise_fortress_gateway_firmwareunifi_express_7_firmwareunifi_cloud_gateway_fiber_firmwareunas_2_firmwareunas_pro_4_firmwareunifi_network_video_recorder_instantunifi_dream_machine_special_editionunas_pro_8_firmwareunifi_dream_machine_pro_max_firmwareunifi_network_video_recorder_firmwareunas_4unifi_cloud_gateway_maxunas_pro_4unifi_network_video_recorder_g2_firmwareunifi_dream_router_firmwareunifi_cloudkey_enterpriseenterprise_network_video_recorderunifi_cloud_gateway_industrial_firmwareunifi_cloud_key_plusunifi_dream_routerunifi_dream_wall_firmwareunifi_network_video_recorder_pro_firmwareunifi_dream_router_7_firmwareunifi_network_video_recorder_g2unifi_dream_router_5g_max_firmwareenterprise_fortress_gatewayenterprise_network_video_recorder_core_firmwareunifi_cloud_gateway_industrialunas_prounas_2unifi_dream_wallunifi_dream_machine_beastunas_pro_firmwareunifi_cloud_gateway_ultraunas_pro_8enterprise_network_video_recorder_coreunifi_os_serverunifi_network_video_recorderunifi_cloudkeyunifi_dream_router_7unifi_dream_machineunifi_dream_machine_pro_maxunifi_dream_router_5g_maxunifi_network_video_recorder_prounifi_network_video_recorder_g2_pro_firmwareunifi_cloud_gateway_max_firmwareunifi_dream_machine_prounifi_cloudkey_enterprise_firmwareunifi_cloud_gateway_ultra_firmwareunifi_dream_machine_special_edition_firmwareUniFi OS ServerUNVR-ProUDM-Pro-MaxUDRUNAS-4UNAS-Pro-4UDWUCG-UltraUNAS-2UCG-FiberUDR7EFGUNVR-InstantUDMUDM-SEUNVR-G2UCK-EnterpriseENVRUCG-MaxUCKExpress 7UDM-ProUCG-IndustrialUDM-BeastUCKPUDR-5GUNVRUNAS-Pro-8ENVR-CoreUNVR-G2-ProUNAS-Pro
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-22558
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-7.7||HIGH
EPSS-0.55% / 42.20%
||
7 Day CHG+0.05%
Published-19 Mar, 2026 | 14:24
Updated-30 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.

Action-Not Available
Vendor-Ubiquiti Inc.
Product-UniFi Network Application
CWE ID-CWE-943
Improper Neutralization of Special Elements in Data Query Logic
CVE-2026-55115
Matching Score-6
Assigner-HackerOne
ShareView Details
Matching Score-6
Assigner-HackerOne
CVSS Score-9.9||CRITICAL
EPSS-0.23% / 13.98%
||
7 Day CHG~0.00%
Published-02 Jul, 2026 | 14:50
Updated-02 Jul, 2026 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi Protect Application to escalate privileges on the host device.

Action-Not Available
Vendor-Ubiquiti Inc.
Product-UniFi Protect Application
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-55113
Matching Score-6
Assigner-HackerOne
ShareView Details
Matching Score-6
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.24% / 14.75%
||
7 Day CHG~0.00%
Published-02 Jul, 2026 | 14:50
Updated-02 Jul, 2026 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial of Service (DoS) attack and bypass authentication in certain UniFi Talk API endpoints.

Action-Not Available
Vendor-Ubiquiti Inc.
Product-UniFi Talk Application
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-27217
Matching Score-6
Assigner-HackerOne
ShareView Details
Matching Score-6
Assigner-HackerOne
CVSS Score-9.1||CRITICAL
EPSS-0.37% / 29.27%
||
7 Day CHG+0.04%
Published-21 Aug, 2025 | 00:01
Updated-22 Aug, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP Application scope.

Action-Not Available
Vendor-Ubiquiti Inc.
Product-UISP Application
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-59095
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.3||HIGH
EPSS-0.24% / 14.44%
||
7 Day CHG~0.00%
Published-02 Jul, 2026 | 19:41
Updated-02 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LobeChat < 2.2.10-canary.18 - SSRF via importFromUrl and fetchImageFromUrl

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service (importFromUrl) and topic cover update (fetchImageFromUrl) endpoints, which use the global fetch without the project's ssrf-safe-fetch wrapper. Attackers can target internal addresses such as cloud instance metadata endpoints through these unprotected code paths to disclose internal service responses and cloud credentials.

Action-Not Available
Vendor-lobehub
Product-lobehub
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-53812
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-4.9||MEDIUM
EPSS-0.25% / 15.85%
||
7 Day CHG~0.00%
Published-11 Jun, 2026 | 20:07
Updated-23 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.18 - Private-Network Navigation Bypass via Browser Act Interactions

OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated users to bypass private-network navigation checks through Playwright act interactions. Attackers can trigger navigation to private-network targets via action-triggered redirects and subsequently read restricted page content using browser evaluation capabilities.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-54033
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.21% / 10.88%
||
7 Day CHG+0.01%
Published-25 Jun, 2026 | 15:50
Updated-29 Jun, 2026 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LibreChat: SSRF via User-Provided Custom Endpoint baseURL — no private IP validation on user-configured API base URLs

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation — no private IP check, no scheme restriction, no DNS pinning. An authenticated user can set baseURL to internal network addresses. This vulnerability is fixed in 0.8.4-rc1.

Action-Not Available
Vendor-librechatdanny-avila
Product-librechatLibreChat
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-54018
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.29% / 20.46%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 16:42
Updated-25 Jun, 2026 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the SafePlaywrightURLLoader implements a validate_url function to prevent SSRF attacks by checking the IP address of the user-provided URL. However, this validation is performed only on the initial URL. Since Playwright automatically follows HTTP redirects (301/302) by default, an attacker can bypass the validation by providing a safe URL that redirects to a restricted internal network address (e.g., localhost, Docker container network, or Cloud Metadata). This allows the application to access internal services despite ENABLE_RAG_LOCAL_WEB_FETCH being set to False This vulnerability is fixed in 0.9.6.

Action-Not Available
Vendor-openwebuiopen-webui
Product-open_webuiopen-webui
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-49093
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-6.3||MEDIUM
EPSS-0.20% / 9.89%
||
7 Day CHG+0.02%
Published-28 May, 2026 | 19:51
Updated-01 Jun, 2026 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block.

Action-Not Available
Vendor-Elasticsearch BV
Product-kibanaKibana
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-46717
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.27% / 18.57%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 21:02
Updated-13 Jun, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user roles: RoleAdmin (Role==0) and RoleMember (Role==1). The notification routes POST /api/v1/notification and PATCH /api/v1/notification/:id are wired through commonHandler rather than adminHandler — so a RoleMember user can call them. These handlers synchronously Send() an HTTP request to a user-controlled URL and reflect the entire response body (no size limit) back to the caller on any non-2xx response. This issue has been patched in version 2.0.8.

Action-Not Available
Vendor-nezhahq
Product-nezha
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-47170
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.21% / 11.04%
||
7 Day CHG~0.00%
Published-11 Jun, 2026 | 18:38
Updated-13 Jun, 2026 | 02:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Garlic-Hub: SSRF vulnerability in uploadFromUrl endpoint

Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port scanning, service fingerprinting, and retrieval of internal HTTP responses which are stored in the publicly accessible media pool. This issue has been patched in version 1.1.

Action-Not Available
Vendor-garlic-signage
Product-garlic-hub
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-45715
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.26% / 17.08%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 17:10
Updated-28 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration

Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration (packages/server/src/integrations/rest.ts) follows HTTP redirects without re-checking the IP blacklist, allowing an authenticated Builder to access internal services (cloud metadata, databases) by redirecting through an attacker-controlled server. This vulnerability is fixed in 3.38.1.

Action-Not Available
Vendor-Budibase
Product-budibase
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-44285
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.26% / 17.68%
||
7 Day CHG~0.00%
Published-29 May, 2026 | 19:32
Updated-01 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FastGPT: SSRF Protection Bypass via `externalFile` in Dataset Preview API

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by exploiting an incomplete fix in the dataset preview endpoint /api/core/dataset/file/getPreviewChunks when utilizing the externalFile data import type. This vulnerability is fixed in 4.15.0-beta1.

Action-Not Available
Vendor-Labring Computing Co., LTD.
Product-FastGPT
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-43884
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.35% / 26.77%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 20:44
Updated-12 May, 2026 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WWBN AVideo: SSRF Protection Bypass via HTTP Redirect and DNS Rebinding in isSSRFSafeURL()

WWBN AVideo is an open source video platform. In versions up to and including 29.0, two endpoints (plugin/AI/receiveAsync.json.php and objects/EpgParser.php) in AVideo call isSSRFSafeURL() to validate user-supplied URLs, then fetch them using bare file_get_contents() without disabling PHP's automatic redirect following. An attacker can supply a URL pointing to a server they control that returns a 302 redirect to an internal/cloud-metadata address (e.g., http://169.254.169.254/latest/meta-data/). Since isSSRFSafeURL() only validates the initial URL, the redirect target bypasses all SSRF protections. Commit 603e7bf77a835584387327e35560262feb075db3 contains an updated fix.

Action-Not Available
Vendor-WWBN
Product-AVideo
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-43576
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-4.9||MEDIUM
EPSS-0.27% / 17.91%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 19:49
Updated-07 May, 2026 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.4.5 - Second-hop SSRF via CDP /json/version WebSocket URL

OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket endpoint that allows attackers to pivot to untrusted second-hop targets. The webSocketDebuggerUrl response field is not properly validated, enabling attackers to redirect connections to arbitrary hosts and perform SSRF-style attacks.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-43573
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-4.9||MEDIUM
EPSS-0.25% / 16.56%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 11:25
Updated-07 May, 2026 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.4.10 - SSRF Policy Bypass in Existing-Session Browser Interaction Routes

OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. Attackers can bypass SSRF navigation guards to interact with or navigate to unauthorized targets without policy enforcement.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-43527
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.3||MEDIUM
EPSS-0.28% / 19.80%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 11:24
Updated-07 May, 2026 | 13:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.4.14 - Server-Side Request Forgery via Private Network Navigation

OpenClaw before 2026.4.14 contains a server-side request forgery vulnerability in browser SSRF policy that allows private-network navigation by default. Attackers can exploit this misconfiguration to access internal services or metadata endpoints through browser-driven requests.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-42398
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-7.7||HIGH
EPSS-0.30% / 21.69%
||
7 Day CHG+0.03%
Published-28 May, 2026 | 19:47
Updated-01 Jun, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery (CWE-918) in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kibana to issue outbound requests to destinations that the egress restriction controls were intended to block.

Action-Not Available
Vendor-Elasticsearch BV
Product-kibanaKibana
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-42141
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.37% / 28.93%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 17:14
Updated-13 May, 2026 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xibo: Authenticated Server-Side Request Forgery (SSRF) in Library Upload via URL functionality

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests from the CMS server to internal or external network resources. This can be exploited to scan internal infrastructure, access local cloud metadata endpoints (e.g., AWS IMDS), interact with internal services that lack authentication, or exfiltrate data. This vulnerability is fixed in 4.4.1.

Action-Not Available
Vendor-xibosignage
Product-xibo-cms
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-41413
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5||MEDIUM
EPSS-0.33% / 24.76%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 04:18
Updated-08 May, 2026 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Istio Vulnerable to SSRF via RequestAuthentication jwksUri

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhost or link local ips. This can result in sensitive data being distributed to Envoy proxies via xDS configuration. This issue has been patched in versions 1.28.6 and 1.29.2.

Action-Not Available
Vendor-istioistio
Product-istioistio
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-41688
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.23% / 13.33%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 13:52
Updated-07 May, 2026 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incomplete fix for CVE-2026-33399: SSRF in Wallos

Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname() but passes the original hostname to cURL without CURLOPT_RESOLVE pinning on 10 of 11 outbound HTTP endpoints, leaving a DNS rebinding TOCTOU window. At time of publication, there are no publicly available patches.

Action-Not Available
Vendor-ellite
Product-Wallos
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-41905
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.21% / 11.04%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 18:08
Updated-07 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeScout vulnerable to SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, allowing internal HTTP / cloud-metadata access

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl() in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl() but then re-validates the original URL instead of the final redirect destination. An attacker who can supply any URL that passes the initial host check can redirect FreeScout to internal HTTP services (cloud metadata, internal APIs, RFC1918 ranges) that would normally be blocked. This issue has been patched in version 1.8.217.

Action-Not Available
Vendor-freescout-help-desk
Product-freescout
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-40150
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.27% / 18.51%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 21:26
Updated-24 Apr, 2026 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. This allows an attacker (or prompt injection in crawled content) to force the agent to fetch cloud metadata endpoints, internal services, or local files via file:// URLs. This vulnerability is fixed in 1.5.128.

Action-Not Available
Vendor-praisonMervinPraison
Product-praisonaiagentsPraisonAIAgents
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-39843
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.25% / 15.69%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 15:43
Updated-17 Apr, 2026 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Plane has a Server-Side Request Forgery (SSRF) in Favicon Fetching

Plane is an an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of GHSA-jcc6-f9v6-f7jw is incomplete which could lead to the same full read Server-Side Request Forgery when a normal html page contains a link tag with an href that redirects to a private IP address is supplied to Add link by an authenticated attacker with low privileges. Redirects for the main page URL are validated, but not the favicon fetch path. fetch_and_encode_favicon() still uses requests.get(favicon_url, ...) with the default redirect-following. This vulnerability is fixed in 1.3.0.

Action-Not Available
Vendor-planemakeplane
Product-planeplane
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-40348
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.38% / 29.91%
||
7 Day CHG~0.00%
Published-18 Apr, 2026 | 00:01
Updated-27 Apr, 2026 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Movary has Authenticated SSRF via Jellyfin Server URL Verification that Allows Internal Network Probing

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can trigger server-side requests to arbitrary internal targets through `POST /settings/jellyfin/server-url-verify`. The endpoint accepts a user-controlled URL, appends `/system/info/public`, and sends a server-side HTTP request with Guzzle. Because there is no restriction on internal hosts, loopback addresses, or private network ranges, this can be abused for SSRF and internal network probing. Any ordinary authenticated user can use this endpoint to make the server connect to arbitrary internal targets and distinguish between different network states. This enables SSRF-based internal reconnaissance, including host discovery, port-state probing, and service fingerprinting. In certain deployments, it may also be usable to reach internal administrative services or cloud metadata endpoints that are not directly accessible from the outside. Version 0.71.1 fixes the issue.

Action-Not Available
Vendor-leepeukerleepeuker
Product-movarymovary
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-34746
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.30% / 21.34%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 19:43
Updated-13 Apr, 2026 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Payload has Authenticated SSRF via Upload Functionality

Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the server to make outbound HTTP requests to arbitrary URLs. This issue has been patched in version 3.79.1.

Action-Not Available
Vendor-payloadcmspayloadcms
Product-payloadpayload
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-34936
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.34% / 25.60%
||
7 Day CHG~0.00%
Published-03 Apr, 2026 | 22:50
Updated-14 Apr, 2026 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough() and apassthrough() in praisonai accept a caller-controlled api_base parameter that is concatenated with endpoint and passed directly to httpx.Client.request() when the litellm primary path raises AttributeError. No URL scheme validation, private IP filtering, or domain allowlist is applied, allowing requests to any host reachable from the server. This issue has been patched in version 4.5.90.

Action-Not Available
Vendor-praisonMervinPraison
Product-praisonaiPraisonAI
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-35409
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.34% / 25.56%
||
7 Day CHG~0.00%
Published-06 Apr, 2026 | 21:31
Updated-20 Apr, 2026 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Directus has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in File Import

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.0, a Server-Side Request Forgery (SSRF) protection bypass has been identified and fixed in Directus. The IP address validation mechanism used to block requests to local and private networks could be circumvented using IPv4-Mapped IPv6 address notation. This vulnerability is fixed in 11.16.0.

Action-Not Available
Vendor-monospacedirectus
Product-directusdirectus
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-35187
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.27% / 18.49%
||
7 Day CHG~0.00%
Published-06 Apr, 2026 | 19:33
Updated-20 Apr, 2026 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pyLoad has SSRF in parse_urls API endpoint via unvalidated URL parameter

pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the parse_urls API function in src/pyload/core/api/__init__.py fetches arbitrary URLs server-side via get_url(url) (pycurl) without any URL validation, protocol restriction, or IP blacklist. An authenticated user with ADD permission can make HTTP/HTTPS requests to internal network resources and cloud metadata endpoints, read local files via file:// protocol (pycurl reads the file server-side), interact with internal services via gopher:// and dict:// protocols, and enumerate file existence via error-based oracle (error 37 vs empty response).

Action-Not Available
Vendor-pyload-ng_projectpyload
Product-pyload-ngpyload
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-34428
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.3||HIGH
EPSS-0.26% / 16.93%
||
7 Day CHG~0.00%
Published-20 Apr, 2026 | 13:55
Updated-08 May, 2026 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vvveb < 1.0.8.1 SSRF via oEmbedProxy

Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl() via curl without scheme or destination validation. Authenticated backend users can supply file:// URLs to read arbitrary files readable by the web server process or http:// URLs targeting internal network addresses to probe internal services, with response bodies returned directly to the caller.

Action-Not Available
Vendor-givanz
Product-Vvveb
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-34163
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.28% / 20.12%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 13:43
Updated-01 Apr, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery via MCP Tools Endpoint in FastGPT

FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP (Model Context Protocol) tools endpoints (/api/core/app/mcpTools/getTools and /api/core/app/mcpTools/runTool) accept a user-supplied URL parameter and make server-side HTTP requests to it without validating whether the URL points to an internal/private network address. Although the application has a dedicated isInternalAddress() function for SSRF protection (used in other endpoints like the HTTP workflow node), the MCP tools endpoints do not call this function. An authenticated attacker can use these endpoints to scan internal networks, access cloud metadata services, and interact with internal services such as MongoDB and Redis. This issue has been patched in version 4.14.9.5.

Action-Not Available
Vendor-fastgptLabring Computing Co., LTD.
Product-fastgptFastGPT
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-54017
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.35% / 26.92%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 21:09
Updated-24 Jun, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse proxy in `backend/open_webui/routers/terminals.py` does not fully confine the user-controlled `path` segment before forwarding it to an admin-configured terminal server. An authenticated user who has been granted access to a terminal server can craft `path` values containing encoded `../` traversal sequences that escape the intended path (or policy) scope on that server, reaching unintended endpoints and files on the terminal-server host. Where the terminal server fans requests out to internal services, this also gives SSRF-style reach into those services. This is a separate code path from the `/api/v1/retrieval/process/web` SSRF (GHSA-c6xv-rcvw-v685), with its own input. Two distinct vectors are consolidated here: first, raw path forwarding / single-encoded traversal (original report); and second, a bypass of the subsequently-added `_sanitize_proxy_path` mitigation using double-encoded dots (`%252e%252e`). The attacker-controlled input is the request `path`, supplied by the non-admin user, not anything an administrator configures, so this is not an admin-trust / Rule-9 situation. Version 0.9.6 fixes the issue.

Action-Not Available
Vendor-openwebuiopen-webui
Product-open_webuiopen-webui
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-34576
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.3||HIGH
EPSS-0.27% / 18.33%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 17:23
Updated-07 Apr, 2026 | 21:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Postiz: SSRF in upload-from-url endpoint allows fetching internal resources and cloud metadata

Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the POST /public/v1/upload-from-url endpoint accepts a user-supplied URL and fetches it server-side using axios.get() with no SSRF protections. The only validation is a file extension check (.png, .jpg, etc.) which is trivially bypassed by appending an image extension to any URL path. An authenticated API user can fetch internal network resources, cloud instance metadata, and other internal services, with the response data uploaded to storage and returned to the attacker. This issue has been patched in version 2.21.3.

Action-Not Available
Vendor-gitroomgitroomhq
Product-postizpostiz-app
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-33458
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-6.8||MEDIUM
EPSS-0.23% / 13.27%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 16:47
Updated-13 Apr, 2026 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure

Server-Side Request Forgery (CWE-918) in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data.

Action-Not Available
Vendor-Elasticsearch BV
Product-kibanaKibana
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-33399
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.28% / 20.03%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 17:43
Updated-26 Mar, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wallos: SSRF Bypass - Incomplete Fix for CVE-2026-30839/30840

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validate_webhook_url_for_ssrf() protection was added to the test* notification endpoints but not to the corresponding save* endpoints. An authenticated user can save an internal/private IP address as a notification URL, and when the cron job sendnotifications.php executes, the request is sent to the internal IP without any SSRF validation. This issue has been patched in version 4.7.0.

Action-Not Available
Vendor-wallosappellite
Product-wallosWallos
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-31945
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.25% / 16.12%
||
7 Day CHG~0.00%
Published-27 Mar, 2026 | 19:23
Updated-30 Mar, 2026 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LibreChat Server-Side Request Forgery using DNS resolution

LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery (SSRF) attack when using agent actions or MCP. Although a previous SSRF vulnerability (https://github.com/danny-avila/LibreChat/security/advisories/GHSA-rgjq-4q58-m3q8) was reported and patched, the fix only introduced hostname validation. It does not verify whether DNS resolution results in a private IP address. As a result, an attacker can still bypass the protection and gain access to internal resources, such as an internal RAG API or cloud instance metadata endpoints. Version 0.8.3-rc1 contains a patch.

Action-Not Available
Vendor-librechatdanny-avila
Product-librechatLibreChat
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-31941
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.23% / 13.81%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 17:37
Updated-17 Apr, 2026 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in Chamilo LMS

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall feature. The endpoint read_url_with_open_graph accepts a URL from the user via the social_wall_new_msg_main POST parameter and performs two server-side HTTP requests to that URL without validating whether the target is an internal or external resource. This allows an authenticated attacker to force the server to make arbitrary HTTP requests to internal services, scan internal ports, and access cloud instance metadata. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.

Action-Not Available
Vendor-chamilochamilo
Product-chamilo_lmschamilo-lms
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-30953
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.22% / 12.25%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 20:38
Updated-17 Mar, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LinkAce affected by SSRF via link creation: NoPrivateIpRule not applied to LinkStoreRequest

LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL (LinkRepository::create() calls HtmlMeta::getFromUrl()). The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-side requests to internal network addresses, Docker service hostnames, and cloud metadata endpoints. The project already has a NoPrivateIpRule class (app/Rules/NoPrivateIpRule.php) but it is only applied in FetchController.php (line 99), not in the primary link creation path.

Action-Not Available
Vendor-linkaceKovah
Product-linkaceLinkAce
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-3052
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 21.53%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 01:32
Updated-28 Feb, 2026 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataLinkDC dinky Flink Proxy Controller FlinkProxyController.java proxyUba server-side request forgery

A vulnerability was found in DataLinkDC dinky up to 1.2.5. The impacted element is the function proxyUba of the file dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java of the component Flink Proxy Controller. Performing a manipulation results in server-side request forgery. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-dinkyDataLinkDC
Product-dinkydinky
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-45338
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.38% / 30.09%
||
7 Day CHG~0.00%
Published-15 May, 2026 | 21:46
Updated-18 May, 2026 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open WebUI: SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py)

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a Server-Side Request Forgery (SSRF) vulnerability exists in _process_picture_url() in backend/open_webui/utils/oauth.py (line ~1338). The function fetches arbitrary URLs from OAuth picture claims without applying validate_url(), allowing an attacker to force the server to make HTTP requests to internal resources and exfiltrate the full response. This vulnerability is fixed in 0.9.0.

Action-Not Available
Vendor-open-webui
Product-open-webui
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-42345
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.21% / 11.59%
||
7 Day CHG~0.00%
Published-08 May, 2026 | 22:11
Updated-13 May, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dot

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith() check against a hardcoded list. This check can be bypassed using at least 7 different URL encoding techniques, all of which resolve to the same cloud metadata service but do not match the blocklist patterns. Additionally, the broader private IP check (isInternalIPv4/isInternalIPv6) is disabled by default because CHECK_INTERNAL_IP defaults to false (not 'true'), so these bypasses reach the metadata endpoint without any further validation. At time of publication, there are no publicly available patches.

Action-Not Available
Vendor-Labring Computing Co., LTD.
Product-FastGPT
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-27706
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.21% / 11.58%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 15:56
Updated-27 Feb, 2026 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Plane Vulnerable to Full Read SSRF via Favicon Fetching in "Add Link" Feature

Plane is an an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery (SSRF) vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the internal network and exfiltrate the full response body. By exploiting this vulnerability, an attacker can steal sensitive data from internal services and cloud metadata endpoints. Version 1.2.2 fixes the issue.

Action-Not Available
Vendor-planemakeplane
Product-planeplane
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-7959
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.7||HIGH
EPSS-24.46% / 97.61%
||
7 Day CHG~0.00%
Published-20 Mar, 2025 | 10:09
Updated-21 Jul, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SSRF in open-webui/open-webui

The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the attacker to access internal services and potentially gain command execution by accessing instance secrets.

Action-Not Available
Vendor-openwebuiopen-webui
Product-open_webuiopen-webui/open-webui
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-8635
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-7.7||HIGH
EPSS-0.56% / 42.24%
||
7 Day CHG~0.00%
Published-12 Sep, 2024 | 17:01
Updated-14 Sep, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in GitLab

A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy URL

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-5526
Matching Score-4
Assigner-Grafana Labs
ShareView Details
Matching Score-4
Assigner-Grafana Labs
CVSS Score-7.7||HIGH
EPSS-0.40% / 32.15%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 11:21
Updated-01 Aug, 2024 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall, from version 1.1.37 before 1.5.2 are vulnerable to a Server Side Request Forgery (SSRF) vulnerability in the webhook functionallity. This issue was fixed in version 1.5.2

Action-Not Available
Vendor-Grafana Labs
Product-oncallOnCalloncall
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-47684
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.22% / 12.62%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 14:31
Updated-16 Jun, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP

Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.3.0, the private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses (e.g. ::ffff:127.0.0.1), allowing SSRF protection to be bypassed on dual-stack systems. Version 2.3.0 fixes the issue.

Action-Not Available
Vendor-Sync-in
Product-server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-23529
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.38% / 29.55%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 16:53
Updated-26 Jan, 2026 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary File Read in Google BigQuery Sink connector

Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations for authentication to BigQuery services. During connector configuration, users can supply credential JSON files that are processed by Google authentication libraries. The service fails to validate externally-sourced credential configurations before passing them to the authentication libraries. An attacker can exploit this by providing a malicious credential configuration containing crafted credential_source.file paths or credential_source.url endpoints, resulting in arbitrary file reads or SSRF attacks.

Action-Not Available
Vendor-Aiven
Product-bigquery-connector-for-apache-kafka
CWE ID-CWE-73
External Control of File Name or Path
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-47260
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.26% / 17.67%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 18:50
Updated-15 Jun, 2026 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs

Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the SafeUrl rule (DNS resolution + public IP check), but the individual episode <enclosure url="..."> values extracted from the RSS XML are stored directly into the database without any SSRF validation. When a user plays an episode, the server downloads the full HTTP response from the unvalidated enclosure URL via Http::sink()->get() and streams it back to the user, enabling full-read SSRF against internal services. This issue has been patched in version 9.3.5.

Action-Not Available
Vendor-koel
Product-koel
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-26494
Matching Score-4
Assigner-Salesforce, Inc.
ShareView Details
Matching Score-4
Assigner-Salesforce, Inc.
CVSS Score-7.7||HIGH
EPSS-0.53% / 40.72%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:33
Updated-29 Oct, 2025 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server Side Request Forgery vulnerability in Tableau Server

Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server allows Authentication Bypass.This issue affects Tableau Server: from 2023.3 through 2023.3.5.

Action-Not Available
Vendor-tableauSalesforce
Product-tableau_serverTableau Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
  • Previous
  • 1
  • 2
  • Next
Details not found