Server-Side Request Forgery

⚔️ Attack Types Related 17
slug: ssrf

Explanation

SSRFは「外部からのリクエストを、サーバーが内部ネットワークに転送してしまう」脆弱性です。 たとえば「画像URLを貼って」と言われてWebサービスがそのURLを取りに行く機能で、攻撃者が `http://169.254.169.254/` (AWSの内部メタデータURL) を入れると、AWSの認証情報が漏洩する、というのが典型例。 クラウド時代に特に危険視されている脆弱性です。
📌 Example
Capital One事件 (2019, 1億人の個人情報流出): WAFのSSRF脆弱性経由でAWS認証情報が窃取され、S3バケットから個人情報を全件取られた。

🔖 Related tags

🛡 Vulnerabilities tagged with this 294

ID Title
CVE-2026-59706 Vulnerability in ssrf (CVE-2026-59706)
CVE-2026-57573 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57573)
CVE-2025-53830 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-53830)
CVE-2025-53828 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-53828)
CVE-2026-55993 Vulnerability in apache (CVE-2026-55993)
CVE-2026-55994 Vulnerability in apache (CVE-2026-55994)
CVE-2026-48205 Vulnerability in apache (CVE-2026-48205)
CVE-2026-46726 Vulnerability in apache (CVE-2026-46726)
CVE-2026-48203 Vulnerability in apache (CVE-2026-48203)
CVE-2026-57993 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57993)
CVE-2026-58278 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-58278)
CVE-2026-57987 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57987)
CVE-2026-58418 SSRF via HTTP Redirect in Repository Migration
CVE-2026-22874 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-22874)
CVE-2026-11397 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-11397)
CVE-2026-57100 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57100)
CVE-2026-45499 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-45499)
CVE-2026-59101 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-59101)
CVE-2026-59095 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-59095)
CVE-2026-55115 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-55115)
CVE-2026-55113 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-55113)
CVE-2026-54401 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-54401)
CVE-2026-57681 Subscriber Server Side Request Forgery (SSRF) in GeoDirectory <= 2.8.161 versions.
CVE-2026-57348 Unauthenticated Server Side Request Forgery (SSRF) in Paid Member Subscriptions <= 3.0.4 versions.
CVE-2026-56399 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-56399)
CVE-2025-36324 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-36324)
CVE-2026-13773 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-13773)
CVE-2026-10564 SSRF (Server-Side Request Forgery) in c (CVE-2026-10564)
CVE-2026-10546 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-10546)
CVE-2026-10129 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-10129)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →