CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4615 vulnerabilities reference this CWE, most recent first.
CVE-2026-40089 (GCVE-0-2026-40089)
Vulnerability from cvelistv5 – Published: 2026-04-09 19:43 – Updated: 2026-04-13 20:20- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/sonicverse-eu/audiostreaming-s… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| sonicverse-eu | audiostreaming-stack |
Affected:
< cb1ddbacafcb441549fe87d3eeabdb6a085325e4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40089",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T20:20:25.287768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T20:20:37.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "audiostreaming-stack",
"vendor": "sonicverse-eu",
"versions": [
{
"status": "affected",
"version": "\u003c cb1ddbacafcb441549fe87d3eeabdb6a085325e4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery (SSRF) vulnerability in its API client (apps/dashboard/lib/api.ts). Installations created using the provided install.sh script (including the one\u2011liner bash \u003c(curl -fsSL https://sonicverse.short.gy/install-audiostack)) are affected. In these deployments, the dashboard accepts user-controlled URLs and passes them directly to a server-side HTTP client without sufficient validation. An authenticated operator can abuse this to make arbitrary HTTP requests from the dashboard backend to internal or external systems. This vulnerability is fixed with commit cb1ddbacafcb441549fe87d3eeabdb6a085325e4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T19:43:09.606Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sonicverse-eu/audiostreaming-stack/security/advisories/GHSA-8vvj-7f7r-7v48",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sonicverse-eu/audiostreaming-stack/security/advisories/GHSA-8vvj-7f7r-7v48"
}
],
"source": {
"advisory": "GHSA-8vvj-7f7r-7v48",
"discovery": "UNKNOWN"
},
"title": "Sonicverse has Server-Side Request Forgery via user-controlled URLs in dashboard API client"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40089",
"datePublished": "2026-04-09T19:43:09.606Z",
"dateReserved": "2026-04-09T00:39:12.206Z",
"dateUpdated": "2026-04-13T20:20:37.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40072 (GCVE-0-2026-40072)
Vulnerability from cvelistv5 – Published: 2026-04-09 17:41 – Updated: 2026-04-09 19:37- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/ethereum/web3.py/security/advi… | x_refsource_CONFIRM |
| https://github.com/ethereum/web3.py/commit/b1c57b… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40072",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T19:36:55.666029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T19:37:07.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "web3.py",
"vendor": "ethereum",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0b3, \u003c 7.15.0"
},
{
"status": "affected",
"version": "\u003e= 8.0.0b1, \u003c 8.0.0b2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup (EIP-3668) by performing HTTP requests to URLs supplied by smart contracts in offchain_lookup_payload[\"urls\"]. The implementation uses these contract-supplied URLs directly (after {sender} / {data} template substitution) without any destination validation. CCIP Read is enabled by default (global_ccip_read_enabled = True on all providers), meaning any application using web3.py\u0027s .call() method is exposed without explicit opt-in. This results in Server-Side Request Forgery (SSRF) when web3.py is used in backend services, indexers, APIs, or any environment that performs eth_call / .call() against untrusted or user-supplied contract addresses. A malicious contract can force the web3.py process to issue HTTP requests to arbitrary destinations, including internal network services and cloud metadata endpoints. This vulnerability is fixed in 7.15.0 and 8.0.0b2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 1.7,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T17:41:14.920Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ethereum/web3.py/security/advisories/GHSA-5hr4-253g-cpx2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ethereum/web3.py/security/advisories/GHSA-5hr4-253g-cpx2"
},
{
"name": "https://github.com/ethereum/web3.py/commit/b1c57bb0a124359c9902daaefab4d8af7c3c4c1e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ethereum/web3.py/commit/b1c57bb0a124359c9902daaefab4d8af7c3c4c1e"
}
],
"source": {
"advisory": "GHSA-5hr4-253g-cpx2",
"discovery": "UNKNOWN"
},
"title": "web3.py affected by SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40072",
"datePublished": "2026-04-09T17:41:14.920Z",
"dateReserved": "2026-04-09T00:39:12.204Z",
"dateUpdated": "2026-04-09T19:37:07.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39974 (GCVE-0-2026-39974)
Vulnerability from cvelistv5 – Published: 2026-04-09 16:45 – Updated: 2026-04-13 20:09- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/czlonkowski/n8n-mcp/security/a… | x_refsource_CONFIRM |
| https://github.com/czlonkowski/n8n-mcp/commit/d9d… | x_refsource_MISC |
| https://github.com/czlonkowski/n8n-mcp/releases/t… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| czlonkowski | n8n-mcp |
Affected:
< 2.47.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39974",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T20:09:16.284220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T20:09:26.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n8n-mcp",
"vendor": "czlonkowski",
"versions": [
{
"status": "affected",
"version": "\u003c 2.47.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "n8n-MCP is a Model Context Protocol (MCP) server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTH_TOKEN to cause the server to issue HTTP requests to arbitrary URLs supplied through multi-tenant HTTP headers. Response bodies are reflected back through JSON-RPC, so an attacker can read the contents of any URL the server can reach \u2014 including cloud instance metadata endpoints (AWS IMDS, GCP, Azure, Alibaba, Oracle), internal network services, and any other host the server process has network access to. The primary at-risk deployments are multi-tenant HTTP installations where more than one operator can present a valid AUTH_TOKEN, or where a token is shared with less-trusted clients. Single-tenant stdio deployments and HTTP deployments without multi-tenant headers are not affected. This vulnerability is fixed in 2.47.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T16:45:20.490Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-4ggg-h7ph-26qr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-4ggg-h7ph-26qr"
},
{
"name": "https://github.com/czlonkowski/n8n-mcp/commit/d9d847f230923d96e0857ccecf3a4dedcc9b0096",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/czlonkowski/n8n-mcp/commit/d9d847f230923d96e0857ccecf3a4dedcc9b0096"
},
{
"name": "https://github.com/czlonkowski/n8n-mcp/releases/tag/v2.47.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/czlonkowski/n8n-mcp/releases/tag/v2.47.4"
}
],
"source": {
"advisory": "GHSA-4ggg-h7ph-26qr",
"discovery": "UNKNOWN"
},
"title": "n8n-MCP has an Authenticated SSRF via instance-URL header in multi-tenant HTTP mode"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-39974",
"datePublished": "2026-04-09T16:45:20.490Z",
"dateReserved": "2026-04-08T00:01:47.628Z",
"dateUpdated": "2026-04-13T20:09:26.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39965 (GCVE-0-2026-39965)
Vulnerability from cvelistv5 – Published: 2026-05-22 17:27 – Updated: 2026-05-22 18:25- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/baptisteArno/typebot.io/securi… | x_refsource_CONFIRM |
| https://github.com/baptisteArno/typebot.io/releas… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| baptisteArno | typebot.io |
Affected:
< 3.16.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39965",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-22T18:25:44.199883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T18:25:48.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-jxv3-m939-w95c"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "typebot.io",
"vendor": "baptisteArno",
"versions": [
{
"status": "affected",
"version": "\u003c 3.16.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl() to block private IPs and cloud metadata hostnames. However, the HTTP clients (ky and fetch) follow 302 redirects without re-validating the redirect destination. An authenticated user can point a bot block to an attacker-controlled server that responds with a redirect to an internal IP, causing the Typebot server to reach internal services. An authenticated Typebot user can reach AWS metadata (169.254.169.254), private subnets, and container-internal services. Exploitable to extract cloud IAM credentials or probe internal APIs inaccessible from the internet. This issue has been fixed in version 3.16.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T17:27:39.688Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-jxv3-m939-w95c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-jxv3-m939-w95c"
},
{
"name": "https://github.com/baptisteArno/typebot.io/releases/tag/v3.16.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baptisteArno/typebot.io/releases/tag/v3.16.0"
}
],
"source": {
"advisory": "GHSA-jxv3-m939-w95c",
"discovery": "UNKNOWN"
},
"title": "TypeBot: SSRF via Open Redirect Bypass in HTTP Request and Code Blocks"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-39965",
"datePublished": "2026-05-22T17:27:39.688Z",
"dateReserved": "2026-04-08T00:01:47.627Z",
"dateUpdated": "2026-05-22T18:25:48.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39922 (GCVE-0-2026-39922)
Vulnerability from cvelistv5 – Published: 2026-04-10 19:53 – Updated: 2026-07-14 20:00- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/GeoNode/geonode/security/advis… | vendor-advisory |
| https://www.vulncheck.com/advisories/geonode-ssrf… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39922",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T17:35:42.484560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T17:36:23.783Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:github/GeoNode/geonode",
"product": "GeoNode",
"repo": "https://github.com/GeoNode/geonode",
"vendor": "GeoNode",
"versions": [
{
"lessThanOrEqual": "4.4.5",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.0.2",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:geosolutionsgroup:geonode:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.4.5",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:geosolutionsgroup:geonode:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.0.2",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Elure (Marasescu Mihnea-Luca)"
}
],
"datePublic": "2026-04-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GeoNode versions 4.4.5 and 5.0.2 (and prior within their respective releases) contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL during form validation. Attackers can probe internal network targets including loopback addresses, RFC1918 private IP ranges, link-local addresses, and cloud metadata services by exploiting insufficient URL validation in the WMS service handler without private IP filtering or allowlist enforcement."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T20:00:21.169Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-hw9r-6m78-w6h3"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/geonode-ssrf-via-service-registration"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GeoNode SSRF via Service Registration",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-39922",
"datePublished": "2026-04-10T19:53:05.159Z",
"dateReserved": "2026-04-07T20:57:06.210Z",
"dateUpdated": "2026-07-14T20:00:21.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39921 (GCVE-0-2026-39921)
Vulnerability from cvelistv5 – Published: 2026-04-10 19:52 – Updated: 2026-07-14 20:00- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/GeoNode/geonode/releases/tag/5.0.2 | release-notespatch |
| https://github.com/GeoNode/geonode/releases/tag/4.4.5 | release-notespatch |
| https://github.com/GeoNode/geonode/pull/14058 | issue-tracking |
| https://github.com/GeoNode/geonode/commit/9856cb5… | patch |
| https://github.com/GeoNode/geonode/commit/4a852cf… | patch |
| https://www.vulncheck.com/advisories/geonode-ssrf… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39921",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T12:29:38.130409Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T12:29:50.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:github/GeoNode/geonode",
"product": "GeoNode",
"repo": "https://github.com/GeoNode/geonode",
"vendor": "GeoNode",
"versions": [
{
"lessThan": "4.4.5",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "5.0.2",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:geosolutionsgroup:geonode:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.5",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:geosolutionsgroup:geonode:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.0.2",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Elure (Marasescu Mihnea-Luca)"
}
],
"datePublic": "2026-04-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability that allows authenticated users with document upload permissions to trigger arbitrary outbound HTTP requests by providing a malicious URL via the doc_url parameter during document upload. Attackers can supply URLs pointing to internal network targets, loopback addresses, RFC1918 addresses, or cloud metadata services to cause the server to make requests to internal resources without SSRF mitigations such as private IP filtering or redirect validation."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T20:00:20.433Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://github.com/GeoNode/geonode/releases/tag/5.0.2"
},
{
"tags": [
"release-notes",
"patch"
],
"url": "https://github.com/GeoNode/geonode/releases/tag/4.4.5"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/GeoNode/geonode/pull/14058"
},
{
"tags": [
"patch"
],
"url": "https://github.com/GeoNode/geonode/commit/9856cb5ab27e33c0adba9274f4cccf6d1f534bd1"
},
{
"tags": [
"patch"
],
"url": "https://github.com/GeoNode/geonode/commit/4a852cfc1da732b10779b5bf5f087c8f02985571"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/geonode-ssrf-via-document-upload"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GeoNode \u003c 4.4.5, 5.0.2 SSRF via Document Upload",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-39921",
"datePublished": "2026-04-10T19:52:49.924Z",
"dateReserved": "2026-04-07T20:57:06.210Z",
"dateUpdated": "2026-07-14T20:00:20.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39885 (GCVE-0-2026-39885)
Vulnerability from cvelistv5 – Published: 2026-04-08 20:34 – Updated: 2026-04-09 16:16- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/agentfront/frontmcp/security/a… | x_refsource_CONFIRM |
| https://github.com/agentfront/frontmcp/releases/t… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| agentfront | frontmcp |
Affected:
< 1.0.4
|
|
| @frontmcp | adapters |
Affected:
< 1.0.4
|
|
| @frontmcp | sdk |
Affected:
< 1.0.4
|
|
| frontmcp | mcp-from-openapi |
Affected:
< 2.3.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39885",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T14:53:12.471902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T16:16:59.067Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/agentfront/frontmcp/security/advisories/GHSA-v6ph-xcq9-qxxj"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "frontmcp",
"vendor": "agentfront",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0.4"
}
]
},
{
"product": "adapters",
"vendor": "@frontmcp",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0.4"
}
]
},
{
"product": "sdk",
"vendor": "@frontmcp",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0.4"
}
]
},
{
"product": "mcp-from-openapi",
"vendor": "frontmcp",
"versions": [
{
"status": "affected",
"version": "\u003c 2.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in OpenAPI specifications without configuring any URL restrictions or custom resolvers. A malicious OpenAPI specification containing $ref values pointing to internal network addresses, cloud metadata endpoints, or local files will cause the library to fetch those resources during the initialize() call. This enables Server-Side Request Forgery (SSRF) and local file read attacks when processing untrusted OpenAPI specifications. This vulnerability is fixed in 2.3.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T20:34:20.538Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/agentfront/frontmcp/security/advisories/GHSA-v6ph-xcq9-qxxj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/agentfront/frontmcp/security/advisories/GHSA-v6ph-xcq9-qxxj"
},
{
"name": "https://github.com/agentfront/frontmcp/releases/tag/v1.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/agentfront/frontmcp/releases/tag/v1.0.4"
}
],
"source": {
"advisory": "GHSA-v6ph-xcq9-qxxj",
"discovery": "UNKNOWN"
},
"title": "FrontMCP Affected by SSRF via $ref Dereferencing in Untrusted OpenAPI Specifications"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-39885",
"datePublished": "2026-04-08T20:34:20.538Z",
"dateReserved": "2026-04-07T20:32:03.010Z",
"dateUpdated": "2026-04-09T16:16:59.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39845 (GCVE-0-2026-39845)
Vulnerability from cvelistv5 – Published: 2026-04-15 18:26 – Updated: 2026-04-15 20:01- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/WeblateOrg/weblate/security/ad… | x_refsource_CONFIRM |
| https://github.com/WeblateOrg/weblate/pull/18815 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| WeblateOrg | weblate |
Affected:
< 5.17
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39845",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T19:37:00.454275Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T20:01:56.793Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "weblate",
"vendor": "WeblateOrg",
"versions": [
{
"status": "affected",
"version": "\u003c 5.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protections. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable the webhook add-on as a workaround."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T18:26:51.706Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-f8hv-g549-hwg2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-f8hv-g549-hwg2"
},
{
"name": "https://github.com/WeblateOrg/weblate/pull/18815",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WeblateOrg/weblate/pull/18815"
}
],
"source": {
"advisory": "GHSA-f8hv-g549-hwg2",
"discovery": "UNKNOWN"
},
"title": "Weblate: SSRF via the webhook add-on using unprotected fetch_url()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-39845",
"datePublished": "2026-04-15T18:26:51.706Z",
"dateReserved": "2026-04-07T19:13:20.378Z",
"dateUpdated": "2026-04-15T20:01:56.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39843 (GCVE-0-2026-39843)
Vulnerability from cvelistv5 – Published: 2026-04-09 15:43 – Updated: 2026-04-13 20:05- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://github.com/makeplane/plane/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39843",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T20:05:19.321734Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T20:05:32.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "plane",
"vendor": "makeplane",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.28.0, \u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Plane is an an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of GHSA-jcc6-f9v6-f7jw is incomplete which could lead to the same full read Server-Side Request Forgery when a normal html page contains a link tag with an href that redirects to a private IP address is supplied to Add link by an authenticated attacker with low privileges. Redirects for the main page URL are validated, but not the favicon fetch path. fetch_and_encode_favicon() still uses requests.get(favicon_url, ...) with the default redirect-following. This vulnerability is fixed in 1.3.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T15:43:34.963Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/makeplane/plane/security/advisories/GHSA-9fr2-pprw-pp9j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/makeplane/plane/security/advisories/GHSA-9fr2-pprw-pp9j"
}
],
"source": {
"advisory": "GHSA-9fr2-pprw-pp9j",
"discovery": "UNKNOWN"
},
"title": "Plane has a Server-Side Request Forgery (SSRF) in Favicon Fetching"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-39843",
"datePublished": "2026-04-09T15:43:34.963Z",
"dateReserved": "2026-04-07T19:13:20.377Z",
"dateUpdated": "2026-04-13T20:05:32.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39695 (GCVE-0-2026-39695)
Vulnerability from cvelistv5 – Published: 2026-04-08 08:30 – Updated: 2026-04-29 09:52- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-39695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T19:10:59.691215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T19:11:44.168Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "podigee",
"product": "Podigee",
"vendor": "podigee",
"versions": [
{
"lessThanOrEqual": "1.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nabil Irawan | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-08T10:28:44.215Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) vulnerability in podigee Podigee podigee allows Server Side Request Forgery.\u003cp\u003eThis issue affects Podigee: from n/a through \u003c= 1.4.0.\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) vulnerability in podigee Podigee podigee allows Server Side Request Forgery.This issue affects Podigee: from n/a through \u003c= 1.4.0."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T09:52:04.201Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/podigee/vulnerability/wordpress-podigee-plugin-1-4-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"title": "WordPress Podigee plugin \u003c= 1.4.0 - Server Side Request Forgery (SSRF) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-39695",
"datePublished": "2026-04-08T08:30:45.786Z",
"dateReserved": "2026-04-07T10:58:16.464Z",
"dateUpdated": "2026-04-29T09:52:04.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.