Server-Side Request Forgery

⚔️ Attack Types Related 17

slug: ssrf

Explanation

SSRFは「外部からのリクエストを、サーバーが内部ネットワークに転送してしまう」脆弱性です。たとえば「画像URLを貼って」と言われてWebサービスがそのURLを取りに行く機能で、攻撃者が `http://169.254.169.254/` (AWSの内部メタデータURL) を入れると、AWSの認証情報が漏洩する、というのが典型例。クラウド時代に特に危険視されている脆弱性です。

📌 Example

Capital One事件 (2019, 1億人の個人情報流出): WAFのSSRF脆弱性経由でAWS認証情報が窃取され、S3バケットから個人情報を全件取られた。

🔖 Related tags

Denial of Service85 Cross-Site Scripting27 SQL Injection23 Remote Code Execution19 Path Traversal14 Privilege Escalation7 Authentication Bypass4 Insecure Deserialization4 Cross-Site Request Forgery1

🛡 Vulnerabilities tagged with this 17

ID	Title	Severity	Detected
CVE-2026-44313	SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)	Critical	18 hours ago
CVE-2026-44284	SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44284)	Medium	19 hours ago
CVE-2026-44286	SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44286)		19 hours ago
CVE-2026-42346	SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-42346)	Medium	19 hours ago
CVE-2026-42339	SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-42339)		19 hours ago
CVE-2026-42353	Path Traversal in express (CVE-2026-42353)	High	1 day ago
CVE-2026-44335	SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44335)	Critical	1 day ago
CVE-2026-41423	SSRF (Server-Side Request Forgery) in express (CVE-2026-41423)		1 day ago
CVE-2026-42261	Vulnerability in ssrf (CVE-2026-42261)	High	1 day ago
CVE-2026-8034	Vulnerability in ssrf (CVE-2026-8034)		1 day ago
CVE-2026-41105	SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-41105)	High	1 day ago
CVE-2026-42449	SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-42449)	High	1 day ago
CVE-2026-39383	SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-39383)	High	3 days ago
CVE-2026-34084	Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-34084)	Critical	3 days ago
CVE-2026-35527	SSRF (Server-Side Request Forgery) in github.com/lxc/incus/v6/cmd/incusd (CVE-2026-35527)		5 days ago
CVE-2026-44015	SSRF (Server-Side Request Forgery) in github.com/0xJacky/Nginx-UI (CVE-2026-44015)		1 week ago
CVE-2026-43995	SSRF (Server-Side Request Forgery) in flowise (CVE-2026-43995)		3 weeks ago

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →