CWE•Base•Incomplete•20 recent CVEs
CWE-918Server-Side Request Forgery (SSRF)
Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common consequences
- Confidentiality→Read Application Data
- Integrity→Execute Unauthorized Code or Commands
- Access Control→Bypass Protection MechanismBy providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The serve
Related CWEs
Recent CVEs classified under this CWE
CVE-2026-418544.22026-06-09CVE-2026-114694.72026-06-08CVE-2026-114377.32026-06-06CVE-2026-114242026-06-05CVE-2026-463932026-06-05CVE-2026-463912026-06-05CVE-2026-113462026-06-05CVE-2026-105867.22026-06-05CVE-2026-439869.92026-06-04CVE-2026-107717.32026-06-03CVE-2026-263796.52026-06-03CVE-2026-202308.62026-06-03CVE-2026-106906.32026-06-03CVE-2026-106626.32026-06-02CVE-2026-491208.52026-06-02CVE-2026-105834.72026-06-02CVE-2026-105816.32026-06-02CVE-2026-491392026-06-01CVE-2026-491385.02026-06-01CVE-2026-102877.32026-06-01