By weakness (CWE)
CWE-918: related vulnerabilities
CVEs classified under CWE-918. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
22 published vulnerabilities
- CVE-2026-10107HIGH 7.7
MoviePilot v2 has a security flaw in its image proxy feature that lets authenticated users access internal network resources they shouldn't be able to reach. An attacker with valid login credentials can trick the proxy into fetching files or services from private networks—like personal media servers—by crafting requests with specific cookies and domain names. The vulnerability exists because the security check only verifies that a domain name appears to be allowed, but doesn't block access to internal, private, or loopback addresses. This means an attacker could map out internal services or steal data from them.
- CVE-2026-42398HIGH 7.7
CVE-2026-42398 is a Server-Side Request Forgery (SSRF) vulnerability in Kibana that allows authenticated users with connector management privileges to circumvent network egress restrictions. An attacker with the right permissions can configure a malicious Webhook connector that tricks Kibana into making outbound HTTP requests to internal or restricted destinations that should have been blocked by the organization's firewall or allowlist policies. This effectively punches through network security controls by leveraging Kibana's own trusted outbound connection capability.
- CVE-2026-42965HIGH 7.7
OpenShift Router contains a flaw that allows users with EndpointSlice write permissions to redirect traffic through the router to cloud metadata endpoints. By crafting a Service backed by an FQDN-based EndpointSlice pointing to a cloud metadata service, an attacker can intercept and read sensitive instance credentials and metadata that should never be exposed. This circumvents existing IP address validation protections designed to block such access.
- CVE-2026-44285HIGH 7.7
FastGPT, an AI Agent building platform, contains a Server-Side Request Forgery (SSRF) vulnerability in versions before 4.15.0-beta1. An authenticated user can bypass the platform's internal network protection and send HTTP requests to services on the internal network that should be inaccessible. The flaw exists in the dataset preview feature when using the externalFile import type. This allows an attacker with valid credentials to potentially access sensitive internal services, databases, or administrative endpoints that are normally restricted from external access.
- CVE-2026-10068HIGH 7.3
A server-side request forgery (SSRF) vulnerability has been identified in Shibby Tomato version 1.28, specifically within the miniupnpd daemon's SUBSCRIBE call handler. An attacker can exploit this flaw remotely without authentication to make the affected device perform unintended network requests on their behalf. This could lead to unauthorized access to internal services, data exfiltration, or lateral movement within a network. However, the practical impact is limited since Shibby Tomato is no longer maintained, with the project having been superseded by FreshTomato.
- CVE-2026-10280HIGH 7.3
Horizon921's mcpilot version 0.1.0 contains a server-side request forgery (SSRF) vulnerability in its MCP API Call Endpoint. An attacker can manipulate the serverBaseUrl parameter to trick the application into making requests to arbitrary internal or external systems. Because this requires no authentication and can be exploited over the network, it represents a meaningful attack surface for anyone running this software. The flaw has already been disclosed publicly and exploit code is available.
- CVE-2026-10287HIGH 7.3
A server-side request forgery (SSRF) vulnerability exists in SourceCodester SEO Meta Tag Extractor version 1.0. An attacker can manipulate the URL parameter passed to the get_headers function in /index.php to make the vulnerable server perform requests on their behalf—potentially accessing internal services, exfiltrating data, or launching attacks against other systems on the network. No authentication is required, and the flaw can be exploited remotely over the network. Public exploit code is already available.
- CVE-2026-10771HIGH 7.3
A server-side request forgery (SSRF) vulnerability exists in CRMEB Java version 1.4. An attacker can manipulate the URL parameter in the RestTemplate.getForEntity function to force the server to make unintended outbound requests. This occurs in the QR code generation endpoint and requires no authentication. Since exploit code has been publicly disclosed, the risk of active exploitation is elevated.
- CVE-2026-26379MEDIUM 6.5
Koha, an open-source library management system, contains a Server-Side Request Forgery (SSRF) vulnerability in its Z39.50/SRU server configuration. An authenticated attacker can exploit this flaw to scan the internal network and discover which services are running by measuring how the server responds to requests. This vulnerability affects Koha versions up to and including 25.11.
- CVE-2026-10177MEDIUM 6.3
Aider-AI's Aider version 0.86.3 contains a server-side request forgery (SSRF) vulnerability in its AWS EC2 metadata endpoint handling. An authenticated attacker can exploit the requests.get function in api_docs.py to make the application fetch resources from arbitrary locations, potentially accessing sensitive internal services or metadata. The vulnerability is remotely exploitable and public disclosure has already occurred.
- CVE-2026-10239MEDIUM 6.3
JeecgBoot, an open-source low-code application development platform, contains a server-side request forgery (SSRF) vulnerability in its word document editing module. Specifically, the `WordUtil.addImage` function in the `/airag/word/edit` endpoint fails to properly validate image URLs, allowing an authenticated attacker to manipulate the application into making arbitrary HTTP requests on behalf of the server. This could expose internal resources, bypass firewalls, or facilitate lateral movement within a network. The vulnerability affects JeecgBoot versions up to and including 3.9.2 and has been publicly disclosed.
- CVE-2026-10240MEDIUM 6.3
JeecgBoot versions up to 3.9.2 contain a server-side request forgery (SSRF) vulnerability in the /airag/airagModel/test endpoint. An authenticated attacker can manipulate the baseUrl parameter to make the server perform unintended HTTP requests to internal or external systems. The vulnerability requires login credentials but does not require user interaction, and can be exploited over the network. A fix is planned for an upcoming release.
- CVE-2026-10241MEDIUM 6.3
JimuReport (jeecgboot) versions up to 3.9.1 contain a server-side request forgery (SSRF) vulnerability in a file download function exposed via a debug endpoint. An authenticated attacker can manipulate the application into making arbitrary network requests on behalf of the server, potentially accessing internal resources, cloud metadata, or other services not directly exposed to the internet. The vulnerability is reachable over the network and exploit code is publicly available.
- CVE-2026-10274MEDIUM 6.3
A server-side request forgery (SSRF) vulnerability exists in the aem-mcp-server project maintained by indrasishbanerjee. The flaw is in the getAssetMetadata function, which processes an assetPath parameter without proper validation. An authenticated attacker can manipulate this parameter to cause the server to make unintended HTTP requests to internal or external systems, potentially accessing sensitive data or interacting with restricted resources. The vulnerability is publicly known and exploit code may be in circulation.
- CVE-2026-10276MEDIUM 6.3
A server-side request forgery (SSRF) vulnerability exists in Jenkins-server-mcp version 0.1.0, a Jenkins integration tool. An authenticated attacker can manipulate the jobPath parameter in build status, log retrieval, or build trigger operations to make the server issue malicious requests to internal or external systems. The vulnerability requires valid login credentials but no user interaction, and the exploit code has already been made public.
- CVE-2026-10581MEDIUM 6.3
DedeCMS 5.7.88 contains a server-side request forgery (SSRF) vulnerability in its download functionality. An authenticated attacker can manipulate the Link parameter passed to the base64_decode function in /plus/download.php to cause the server to make unintended requests to internal or external systems. This allows an attacker with login credentials to potentially access restricted resources, exfiltrate data, or pivot to other systems on the network.
- CVE-2026-10662MEDIUM 6.3
A server-side request forgery (SSRF) vulnerability exists in ahujasid blender-mcp, a tool that handles ZIP file operations. An authenticated attacker can manipulate the ZIP file URL parameter to force the server to make HTTP requests to arbitrary internal or external systems. This could allow an attacker to access sensitive internal services, exfiltrate data, or pivot deeper into a network. The vulnerability affects versions up to commit 7636d13, and a patch is available.
- CVE-2026-10690MEDIUM 6.3
A server-side request forgery (SSRF) vulnerability exists in DesktopCommanderMCP version 0.2.37. The flaw allows authenticated attackers to manipulate URL parameters passed to the read_file function, enabling the server to make arbitrary HTTP requests on behalf of the attacker. This could expose internal services, exfiltrate data, or compromise systems that trust the affected server.
- CVE-2026-10517MEDIUM 5.8
Clair, a container image scanning tool, has a server-side request forgery (SSRF) vulnerability in its fetcher component. When processing container manifests, Clair can be tricked into making HTTP requests to attacker-controlled URLs without proper validation. An attacker who is unauthenticated can submit a malicious manifest pointing to internal services or cloud metadata endpoints, causing Clair to reach out to those targets. When the request fails, error messages leak up to 256 bytes of the response, potentially exposing sensitive information like API credentials or internal configuration. Red Hat Quay deployments that are operator-managed are automatically protected because they enable pre-shared key (PSK) authentication by default; self-managed Clair installations without PSK are at risk.
- CVE-2026-43979MEDIUM 5.0
Local Deep Research versions before 1.6.0 contain a vulnerability where user-supplied search queries and metadata are inserted directly into HTML without proper escaping before being converted to PDF. An authenticated user can inject HTML tags that trick the server into making unauthorized web requests (SSRF), bypassing existing security controls. The vulnerability requires valid credentials but poses moderate risk due to potential confidentiality impact.
- CVE-2026-10583MEDIUM 4.7
A server-side request forgery (SSRF) vulnerability exists in nextlevelbuilder GoClaw versions up to 3.11.3. The flaw is located in the TTS Configuration Endpoint's Import function, which fails to properly validate or restrict outbound HTTP requests. An authenticated attacker with high privileges can exploit this to make the affected server initiate requests to internal or external systems on their behalf, potentially accessing sensitive internal resources or launching further attacks. The vulnerability has been publicly disclosed.
- CVE-2026-10052MEDIUM 4.1
Quay's configuration tool contains a weakness in how it validates LDAP and SMTP settings. When a configuration editor supplies endpoints for these services, the tool connects to them without restricting which IP addresses or hostnames are allowed. An attacker with config editor privileges can abuse this to make the Quay container reach internal network resources, allowing them to map and discover the organization's internal infrastructure from inside the cluster's network position.