Server-Side Request Forgery

⚔️ Attack Types Related 17
slug: ssrf

Explanation

SSRFは「外部からのリクエストを、サーバーが内部ネットワークに転送してしまう」脆弱性です。 たとえば「画像URLを貼って」と言われてWebサービスがそのURLを取りに行く機能で、攻撃者が `http://169.254.169.254/` (AWSの内部メタデータURL) を入れると、AWSの認証情報が漏洩する、というのが典型例。 クラウド時代に特に危険視されている脆弱性です。
📌 Example
Capital One事件 (2019, 1億人の個人情報流出): WAFのSSRF脆弱性経由でAWS認証情報が窃取され、S3バケットから個人情報を全件取られた。

🔖 Related tags

🛡 Vulnerabilities tagged with this 294

ID Title
CVE-2026-44797 SSRF (Server-Side Request Forgery) in nautobot (CVE-2026-44797)
CVE-2026-44652 SSRF (Server-Side Request Forgery) in sillytavern (CVE-2026-44652)
CVE-2026-41195 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-41195)
CVE-2026-44232 Vulnerability in dssrf (CVE-2026-44232)
CVE-2026-34647 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-34647)
CVE-2026-43929 Vulnerability in ssrfcheck (CVE-2026-43929)
CVE-2026-42175 SSRF (Server-Side Request Forgery) in requests-hardened (CVE-2026-42175)
CVE-2026-42141 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-42141)
CVE-2026-43993 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-43993)
CVE-2026-42260 SSRF (Server-Side Request Forgery) in open-websearch (CVE-2026-42260)
CVE-2026-43884 SSRF (Server-Side Request Forgery) in wwbn/avideo (CVE-2026-43884)
CVE-2026-43879 SSRF (Server-Side Request Forgery) in wwbn/avideo (CVE-2026-43879)
CVE-2026-42188 SSRF (Server-Side Request Forgery) in org.geysermc.geyser:core (CVE-2026-42188)
CVE-2026-43979 Cross-Site Scripting (XSS) in local-deep-research (CVE-2026-43979)
CVE-2026-45000 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-45000)
CVE-2026-45001 Vulnerability in ssrf (CVE-2026-45001)
CVE-2026-2393 SSRF (Server-Side Request Forgery) in mlflow (CVE-2026-2393)
CVE-2026-45061 SSRF (Server-Side Request Forgery) in budibase (CVE-2026-45061)
CVE-2026-7817 Vulnerability in pgadmin4 (CVE-2026-7817)
CVE-2026-44971 SSRF (Server-Side Request Forgery) in guarddog (CVE-2026-44971)
CVE-2026-42595 SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-42595)
CVE-2026-44313 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)
CVE-2026-44284 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44284)
CVE-2026-44286 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44286)
CVE-2026-42346 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-42346)
CVE-2026-42339 SSRF (Server-Side Request Forgery) in github.com/QuantumNous/new-api (CVE-2026-42339)
CVE-2026-42353 Path Traversal in i18next-http-middleware (CVE-2026-42353)
CVE-2026-44335 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44335)
CVE-2026-41423 SSRF (Server-Side Request Forgery) in @angular/platform-server (CVE-2026-41423)
CVE-2026-42261 Vulnerability in ssrf (CVE-2026-42261)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →