Server-Side Request Forgery

⚔️ Attack Types Related 17
slug: ssrf

Explanation

SSRFは「外部からのリクエストを、サーバーが内部ネットワークに転送してしまう」脆弱性です。 たとえば「画像URLを貼って」と言われてWebサービスがそのURLを取りに行く機能で、攻撃者が `http://169.254.169.254/` (AWSの内部メタデータURL) を入れると、AWSの認証情報が漏洩する、というのが典型例。 クラウド時代に特に危険視されている脆弱性です。
📌 Example
Capital One事件 (2019, 1億人の個人情報流出): WAFのSSRF脆弱性経由でAWS認証情報が窃取され、S3バケットから個人情報を全件取られた。

🔖 Related tags

🛡 Vulnerabilities tagged with this 296

ID Title
CVE-2026-41423 SSRF (Server-Side Request Forgery) in @angular/platform-server (CVE-2026-41423)
CVE-2026-42261 Vulnerability in ssrf (CVE-2026-42261)
CVE-2026-8034 Vulnerability in ssrf (CVE-2026-8034)
CVE-2026-41105 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-41105)
CVE-2026-42449 SSRF (Server-Side Request Forgery) in n8n-mcp (CVE-2026-42449)
CVE-2026-20035 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-20035)
CVE-2026-39383 SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-39383)
CVE-2026-34084 Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-34084)
CVE-2026-35527 SSRF (Server-Side Request Forgery) in github.com/lxc/incus/v6/cmd/incusd (CVE-2026-35527)
CVE-2026-3340 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-3340)
CVE-2026-44015 SSRF (Server-Side Request Forgery) in github.com/0xJacky/Nginx-UI (CVE-2026-44015)
CVE-2026-39087 Vulnerability in heckel.io/ntfy/v2 (CVE-2026-39087)
CVE-2026-41644 Vulnerability in github.com/monetr/monetr (CVE-2026-41644)
CVE-2026-35548 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-35548)
CVE-2026-40346 SSRF (Server-Side Request Forgery) in @nocobase/plugin-workflow-request (CVE-2026-40346)
CVE-2026-41481 SSRF (Server-Side Request Forgery) in langchain-text-splitters (CVE-2026-41481)
CVE-2026-43995 SSRF (Server-Side Request Forgery) in flowise (CVE-2026-43995)
CVE-2026-40089 SSRF (Server-Side Request Forgery) in c (CVE-2026-40089)
CVE-2026-40072 SSRF (Server-Side Request Forgery) in web3 (CVE-2026-40072)
CVE-2025-62718 Vulnerability in axios (CVE-2025-62718)
CVE-2026-31017 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-31017)
CVE-2026-2377 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-2377)
CVE-2026-32871 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-32871)
CVE-2026-34881 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-34881)
CVE-2026-22742 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-22742)
CVE-2026-4874 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-4874)
CVE-2026-28809 XXE (XML External Entity) in esaml (CVE-2026-28809)
CVE-2026-24316 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-24316)
CVE-2026-25960 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-25960)
CVE-2025-11242 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-11242)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →