The Network · 2026-03-06 03:13:10 · ai
A high-severity security vulnerability was identified in a codebase's SSRF (Server-Side Request Forgery) protection mechanisms. The functions `safe_get()` and `SafeSession.request()` were found to have a critical flaw when used with the parameter `allow_redirects=True`. While the initial request URL was properly valida...
The Lab · 2026-03-25 16:27:17 · GitHub Issues
A critical security flaw in an AI image generation service could allow attackers to hijack the backend system to probe internal networks and access private services. The vulnerability, a classic Server-Side Request Forgery (SSRF), stems from the service blindly fetching image URLs provided by the AI model without any v...
The Lab · 2026-03-26 03:27:09 · GitHub Issues
A critical Server-Side Request Forgery (SSRF) vulnerability has been identified in a GitHub repository's webhook system. The flaw allows a merchant to specify a webhook URL pointing to `127.0.0.1` or other loopback addresses, which could force the application's API to perform port scans against its own server instance....
The Lab · 2026-03-26 15:27:19 · GitHub Issues
A major security update for LangChain Core patches a critical Server-Side Request Forgery (SSRF) vulnerability that could allow attackers to force AI applications to make unauthorized network requests. The flaw, tracked as CVE-2026-26013, resides in the `ChatOpenAI.get_num_tokens_from_messages()` method. This function,...
The Lab · 2026-03-26 19:27:32 · GitHub Issues
A critical security update for the Joplin workspace has patched two significant vulnerabilities stemming from outdated dependencies, addressing a Server-Side Request Forgery (SSRF) risk and a Denial-of-Service (DoS) vector. The fixes target deprecated packages that could have allowed attackers to bypass security contro...
The Lab · 2026-03-27 23:27:16 · GitHub Issues
A critical Server-Side Request Forgery (SSRF) vulnerability exists in the webhook creation handler, allowing attackers to force the server to make HTTP requests to internal network addresses. The flaw is located in `internal/handlers/webhook.go` at lines 65-69, where the handler fails to validate the scheme or destinat...
The Lab · 2026-03-28 03:27:08 · GitHub Issues
A critical Server-Side Request Forgery (SSRF) vulnerability in Clerk's official backend library can be exploited by unauthenticated attackers to steal the application's secret keys. The flaw, tracked as CVE-2026-34076, resides in the `clerkFrontendApiProxy` function within the `@clerk/backend` npm package. By crafting ...
The Lab · 2026-03-29 06:26:54 · GitHub Issues
A critical Server-Side Request Forgery (SSRF) vulnerability exists in the `test_connection_endpoint` of the application's backend. The endpoint accepts a `SpaceConnectionRequest` payload and passes the user-controlled `storage_config` dictionary directly to the `ugoite_core.test_storage_connection()` function. This con...
The Lab · 2026-03-29 19:26:57 · GitHub Issues
A Server-Side Request Forgery (SSRF) vulnerability (CVE-2026-0560) exists in versions of the parisneo/lollms AI framework prior to 2.2.0. The vulnerability can be exploited remotely over the network and requires no attacker privileges, making it comparatively easy to attack. Rated CVSS 7.5 (High), it carries the risk that, if successfully exploited, highly confidential information on the system could be disclosed.
The vulnerability is classified as CWE-918, with the attack vector set to Network, attack complexity Low (AC:L), and privileges required None (PR:N). This means that unauthenticated...
The Lab · 2026-03-30 12:27:13 · GitHub Issues
A critical Server-Side Request Forgery (SSRF) vulnerability has been identified within the Policai Australian AI Policy Tracker's administrative API. The `/api/admin/analyse-url` endpoint performs a server-side `fetch()` on any user-supplied URL without validation, allowing authenticated attackers to probe internal inf...
The Lab · 2026-03-30 20:27:31 · GitHub Issues
Kubernetes 확장 플랫폼 KubePlus의 4.1.4 버전에 심각한 서버 측 요청 위조(SSRF) 취약점이 존재한다. 이 취약점(CVE-2026-29954)은 CVSS 7.6의 높은 위험도로 평가되며, 공격자가 내부 네트워크를 탐색하거나 임의의 HTTP 헤더를 주입하고 명령어를 실행할 수 있는 경로를 열어준다. 취약점의 핵심은 ResourceComposition 리소스의 'chartURL' 필드를 처리하는 mutating webhook 및 kubeconfiggenerator 컴포넌트가 URL 인코딩만 수행하고 대상 주소를 검증하지 않아 발생하는 SSRF에 있다...
The Lab · 2026-03-31 10:27:09 · GitHub Issues
Next.js, the mainstream React framework from Vercel, has been found to contain a high-severity Server-Side Request Forgery (SSRF) vulnerability, tracked as CVE-2024-34351. The vulnerability directly affects the Next.js Server Actions feature and could allow an attacker to craft malicious requests that induce the server to issue unintended HTTP requests to internal or external networks, thereby accessing or attacking internal services. Security researchers have disclosed the details of the vulnerability through a GitHub security advisory (GHSA-fr5h-rqp8-mj6g).
The fix for this vulnerability is included in a Next.js version update. The automated dependency management tool Renovate has published an update PR recommending that Next.js be upgraded from the vulnerable version (e.g. ^13.5.0) to the fixed version...
The Lab · 2026-04-01 08:27:00 · GitHub Issues
A Semgrep security scan has flagged a critical Server-Side Request Forgery (SSRF) vulnerability in a PHP codebase. The automated finding reveals that user-controlled data is being passed directly into a network function without any validation, creating a direct path for an attacker to manipulate server requests. This f...
The Lab · 2026-04-01 14:27:26 · GitHub Issues
A critical security flaw in Appsmith's Git integration allowed authenticated users to bypass the platform's primary SSRF (Server-Side Request Forgery) defenses. The vulnerability was rooted in the JGit SSH client, which connected directly to user-supplied remote URLs without performing any IP address validation. This c...
The Lab · 2026-04-01 17:27:31 · GitHub Issues
A critical testing gap has been identified within the `wast mcpscan` security subsystem. The two highest-severity vulnerability check modules—responsible for detecting Server-Side Request Forgery (SSRF) and authentication bypass flaws—currently operate with zero unit test coverage. This means changes to the `SSRFChecke...
The Lab · 2026-04-02 12:27:10 · GitHub Issues
A Semgrep security scan has flagged critical Server-Side Request Forgery (SSRF) vulnerabilities in a PHP codebase, exposing internal services to potential attacker manipulation. The automated scan identified that user-controlled input is being passed directly to network functions without any validation, creating a dire...
The Lab · 2026-04-02 12:27:11 · GitHub Issues
A Semgrep security scan has flagged critical Server-Side Request Forgery (SSRF) vulnerabilities in a PHP codebase, exposing internal network services to potential attacker manipulation. The automated scan detected that user-controlled input is being passed directly to network-fetching functions without any validation, ...
The Lab · 2026-04-02 12:57:16 · GitHub Issues
A Semgrep security scan has flagged critical Server-Side Request Forgery (SSRF) vulnerabilities in a PHP codebase, exposing internal services to potential attacker manipulation. The automated scan identified two high-risk findings where user-controlled input flows directly into network-fetching functions without any va...
The Lab · 2026-04-02 13:27:13 · GitHub Issues
A Semgrep security scan has flagged critical Server-Side Request Forgery (SSRF) vulnerabilities in a codebase, where unvalidated user input is directly passed to network functions. This flaw allows an attacker to potentially force the server to make unauthorized requests to internal services or arbitrary external hosts...
The Lab · 2026-04-02 13:27:14 · GitHub Issues
A Semgrep security scan has flagged critical Server-Side Request Forgery (SSRF) vulnerabilities in a PHP codebase, exposing internal services to potential external manipulation. The automated scan identified that user-controlled input is being passed directly to network-fetching functions without any validation, creati...