Server-Side Request Forgery

⚔️ Attack Types Related 17
slug: ssrf

Explanation

SSRFは「外部からのリクエストを、サーバーが内部ネットワークに転送してしまう」脆弱性です。 たとえば「画像URLを貼って」と言われてWebサービスがそのURLを取りに行く機能で、攻撃者が `http://169.254.169.254/` (AWSの内部メタデータURL) を入れると、AWSの認証情報が漏洩する、というのが典型例。 クラウド時代に特に危険視されている脆弱性です。
📌 Example
Capital One事件 (2019, 1億人の個人情報流出): WAFのSSRF脆弱性経由でAWS認証情報が窃取され、S3バケットから個人情報を全件取られた。

🔖 Related tags

🛡 Vulnerabilities tagged with this 294

ID Title
CVE-2026-46548 SSRF (Server-Side Request Forgery) in nocodb (CVE-2026-46548)
CVE-2026-46683 SSRF (Server-Side Request Forgery) in knplabs/knp-snappy (CVE-2026-46683)
CVE-2026-46497 SSRF (Server-Side Request Forgery) in crawlee (CVE-2026-46497)
CVE-2026-6394 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-6394)
CVE-2026-46417 SSRF (Server-Side Request Forgery) in @angular/platform-server (CVE-2026-46417)
CVE-2026-45796 SSRF (Server-Side Request Forgery) in github.com/coder/coder/v2 (CVE-2026-45796)
CVE-2026-47358 Vulnerability in ssrf (CVE-2026-47358)
CVE-2026-47356 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-47356)
CVE-2026-47357 Vulnerability in ssrf (CVE-2026-47357)
CVE-2026-30118 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-30118)
CVE-2026-46393 SSRF (Server-Side Request Forgery) in @haxtheweb/haxcms-nodejs (CVE-2026-46393)
CVE-2026-31910 SSRF (Server-Side Request Forgery) in apache (CVE-2026-31910)
CVE-2026-29226 SSRF (Server-Side Request Forgery) in apache (CVE-2026-29226)
CVE-2026-33234 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-33234)
CVE-2026-45609 SSRF (Server-Side Request Forgery) in org.springaicommunity:mcp-client-security (CVE-2026-45609)
CVE-2026-45717 Vulnerability in @budibase/server (CVE-2026-45717)
CVE-2026-39053 XXE (XML External Entity) in ssrf (CVE-2026-39053)
CVE-2026-44661 SSRF (Server-Side Request Forgery) in utcp-http (CVE-2026-44661)
CVE-2026-45366 SSRF (Server-Side Request Forgery) in @utcp/http (CVE-2026-45366)
CVE-2026-45373 SSRF (Server-Side Request Forgery) in deepseek-tui (CVE-2026-45373)
CVE-2026-45310 SSRF (Server-Side Request Forgery) in deepseek-tui (CVE-2026-45310)
CVE-2026-45400 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-45400)
CVE-2026-45347 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-45347)
CVE-2026-45338 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-45338)
CVE-2026-45012 SSRF (Server-Side Request Forgery) in apostrophe (CVE-2026-45012)
CVE-2026-44520 Open Redirect in docling-graph (CVE-2026-44520)
CVE-2026-44515 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44515)
CVE-2026-42591 SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-42591)
CVE-2026-42281 SSRF (Server-Side Request Forgery) in magicmirror (CVE-2026-42281)
CVE-2026-0258 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-0258)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →