Server-Side Request Forgery

⚔️ Attack Types Related 17
slug: ssrf

Explanation

SSRFは「外部からのリクエストを、サーバーが内部ネットワークに転送してしまう」脆弱性です。 たとえば「画像URLを貼って」と言われてWebサービスがそのURLを取りに行く機能で、攻撃者が `http://169.254.169.254/` (AWSの内部メタデータURL) を入れると、AWSの認証情報が漏洩する、というのが典型例。 クラウド時代に特に危険視されている脆弱性です。
📌 Example
Capital One事件 (2019, 1億人の個人情報流出): WAFのSSRF脆弱性経由でAWS認証情報が窃取され、S3バケットから個人情報を全件取られた。

🔖 Related tags

🛡 Vulnerabilities tagged with this 296

ID Title
CVE-2026-48814 Vulnerability in network-ai (CVE-2026-48814)
CVE-2026-55471 XXE (XML External Entity) in ca.uhn.hapi.fhir:org.hl7.fhir.utilities (CVE-2026-55471)
CVE-2026-54018 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-54018)
CVE-2026-54017 Path Traversal in open-webui (CVE-2026-54017)
CVE-2026-53755 SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-53755)
CVE-2026-53754 SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-53754)
CVE-2025-60175 Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions.
CVE-2026-50888 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50888)
CVE-2026-50887 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50887)
CVE-2026-48818 SSRF (Server-Side Request Forgery) in starlette (CVE-2026-48818)
CVE-2026-50168 Vulnerability in @angular/platform-server (CVE-2026-50168)
CVE-2026-53607 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-53607)
CVE-2026-50552 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50552)
CVE-2025-58175 Vulnerability in org.geoserver.web:gs-web-app (CVE-2025-58175)
CVE-2026-53782 Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows...
CVE-2026-47170 Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HT...
CVE-2026-46697 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-46697)
CVE-2026-3341 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-3341)
CVE-2026-50131 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50131)
CVE-2026-48858 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-48858)
CVE-2026-47938 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-47938)
CVE-2026-45504 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-45504)
CVE-2026-45501 Cross-Site Scripting (XSS) in ssrf (CVE-2026-45501)
CVE-2026-45502 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-45502)
CVE-2026-45503 Vulnerability in ssrf (CVE-2026-45503)
CVE-2026-41854 SSRF (Server-Side Request Forgery) in spring (CVE-2026-41854)
CVE-2026-11424 Information Disclosure in ssrf (CVE-2026-11424)
CVE-2026-47684 SSRF (Server-Side Request Forgery) in @sync-in/server (CVE-2026-47684)
CVE-2026-11346 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-11346)
CVE-2026-43986 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-43986)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →