Server-Side Request Forgery

⚔️ Attack Types Related 17
slug: ssrf

Explanation

SSRFは「外部からのリクエストを、サーバーが内部ネットワークに転送してしまう」脆弱性です。 たとえば「画像URLを貼って」と言われてWebサービスがそのURLを取りに行く機能で、攻撃者が `http://169.254.169.254/` (AWSの内部メタデータURL) を入れると、AWSの認証情報が漏洩する、というのが典型例。 クラウド時代に特に危険視されている脆弱性です。
📌 Example
Capital One事件 (2019, 1億人の個人情報流出): WAFのSSRF脆弱性経由でAWS認証情報が窃取され、S3バケットから個人情報を全件取られた。

🔖 Related tags

🛡 Vulnerabilities tagged with this 294

ID Title
CVE-2026-48285 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-48285)
CVE-2026-13316 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-13316)
CVE-2026-57947 Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook...
CVE-2026-56285 Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and...
CVE-2026-56663 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-56663)
CVE-2026-28385 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-28385)
CVE-2026-57627 Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions.
CVE-2026-56026 Subscriber Server Side Request Forgery (SSRF) in utm.codes <= 1.9.0 versions.
CVE-2026-4339 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-4339)
CVE-2026-57940 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57940)
CVE-2026-13318 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-13318)
CVE-2026-12975 XXE (XML External Entity) in ssrf (CVE-2026-12975)
CVE-2026-55412 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-55412)
CVE-2026-54033 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-54033)
CVE-2026-57535 Vulnerability in ssrf (CVE-2026-57535)
CVE-2026-57234 Vulnerability in ssrf (CVE-2026-57234)
CVE-2026-55454 Vulnerability in ssrf (CVE-2026-55454)
CVE-2026-12986 Cross-Site Request Forgery (CSRF) in ssrf (CVE-2026-12986)
CVE-2026-13150 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-13150)
CVE-2026-50221 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50221)
CVE-2026-52805 SSRF (Server-Side Request Forgery) in gogs.io/gogs (CVE-2026-52805)
CVE-2026-54353 Vulnerability in @budibase/backend-core (CVE-2026-54353)
CVE-2026-55599 SSRF (Server-Side Request Forgery) in phpseclib/phpseclib (CVE-2026-55599)
CVE-2026-9006 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-9006)
CVE-2026-7253 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-7253)
CVE-2026-55791 Cross-Site Scripting (XSS) in craftcms/cms (CVE-2026-55791)
CVE-2026-49345 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-49345)
CVE-2026-4328 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-4328)
CVE-2026-48764 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-48764)
CVE-2026-48814 Vulnerability in network-ai (CVE-2026-48814)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →