Server-Side Request Forgery

⚔️ Attack Types Related 17
slug: ssrf

Explanation

SSRFは「外部からのリクエストを、サーバーが内部ネットワークに転送してしまう」脆弱性です。 たとえば「画像URLを貼って」と言われてWebサービスがそのURLを取りに行く機能で、攻撃者が `http://169.254.169.254/` (AWSの内部メタデータURL) を入れると、AWSの認証情報が漏洩する、というのが典型例。 クラウド時代に特に危険視されている脆弱性です。
📌 Example
Capital One事件 (2019, 1億人の個人情報流出): WAFのSSRF脆弱性経由でAWS認証情報が窃取され、S3バケットから個人情報を全件取られた。

🔖 Related tags

🛡 Vulnerabilities tagged with this 296

ID Title
CVE-2026-10771 A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate...
CVE-2026-44020 Vulnerability in docling (CVE-2026-44020)
CVE-2026-44016 Code Injection in docling (CVE-2026-44016)
CVE-2026-26379 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-26379)
CVE-2026-20230 KEV [KEV] SSRF (Server-Side Request Forgery) in Cisco ssrf (CVE-2026-20230)
CVE-2026-49120 Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription...
CVE-2026-8993 Vulnerability in ssrf (CVE-2026-8993)
CVE-2026-49328 SSRF (Server-Side Request Forgery) in org.apache.fesod:fesod-sheet (CVE-2026-49328)
CVE-2026-10517 SSRF (Server-Side Request Forgery) in github.com/quay/claircore (CVE-2026-10517)
CVE-2026-47268 SSRF (Server-Side Request Forgery) in github.com/nezhahq/nezha (CVE-2026-47268)
CVE-2026-44285 FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network prot...
CVE-2026-47260 SSRF (Server-Side Request Forgery) in phanan/koel (CVE-2026-47260)
CVE-2026-49372 In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
CVE-2026-35673 Authorization Flaw in ssrf (CVE-2026-35673)
CVE-2026-9557 SSRF (Server-Side Request Forgery) in mautic/core (CVE-2026-9557)
CVE-2026-46526 SSRF (Server-Side Request Forgery) in local-deep-research (CVE-2026-46526)
CVE-2026-48522 Vulnerability in pyjwt (CVE-2026-48522)
CVE-2026-9813 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-9813)
CVE-2026-5737 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-5737)
CVE-2026-48146 SSRF (Server-Side Request Forgery) in @budibase/server (CVE-2026-48146)
CVE-2026-9312 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-9312)
CVE-2026-8606 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-8606)
CVE-2026-45412 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-45412)
CVE-2026-42335 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-42335)
CVE-2026-42336 Vulnerability in ssrf (CVE-2026-42336)
CVE-2026-2264 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-2264)
CVE-2025-14290 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-14290)
CVE-2026-40564 Vulnerability in apache (CVE-2026-40564)
CVE-2026-45082 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-45082)
CVE-2026-44598 Open Redirect in org.apache.shiro:shiro-jakarta-ee (CVE-2026-44598)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →