PT-2026-42802

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, SSRF protection for Webhook / HTTP Request blocks validates only the URL string, blocked hostname literals, and literal IP formats. It does not resolve DNS before allowing the request. As a result, a hostname such as ssrf-repro.examp...

Server-side Request Forgery (SSRF)

Overview pydantic-ai-slim is an Agent Framework / shim to use Pydantic with LLMs, slim package Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via incomplete blocklist in isprivateip function when forcedownload='allow-local' is enabled. An attacker can access...

Crawlee for Python: SSRF via sitemap-derived URLs

Overview - Vulnerability type: Blind SSRF - Affected components: src/crawlee/utils/sitemap.py, src/crawlee/utils/robots.py, src/crawlee/requestloaders/sitemaprequestloader.py, and all built-in HTTP clients. - Trigger: an attacker-controlled sitemap or robots.txt containing a URL that points to an...

PT-2026-42674

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.04.1 Description The request-filtering-agent Server-Side Request Forgery SSRF protection is non-functional in the Slack, Discord, Mattermost, and Teams notification webhook plugins. This occurs because the httpAge...

PT-2026-42590

Overview - Vulnerability type: Blind SSRF - Affected components: src/crawlee/ utils/sitemap.py, src/crawlee/ utils/robots.py, src/crawlee/request loaders/ sitemap request loader.py, and all built-in HTTP clients. - Trigger: an attacker-controlled sitemap or robots.txt containing a URL that points...

PT-2026-42667

Name of the Vulnerable Software and Affected Versions Crawlee versions 1.0.0 through 1.6.9 Description Crawlee is subject to a blind Server-Side Request Forgery SSRF when processing sitemap-derived URLs or robots.txt directives. The issue occurs when an attacker-controlled sitemap or robots.txt...

GO-2026-4990 Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes in github.com/gotenberg/gotenberg

Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes in github.com/gotenberg/gotenberg...

Astra Linux - уязвимость в unoconv

The unoconv package before version 0.9 mishandles untrusted pathnames, resulting in SSRF and local file inclusions...

CVE-2026-6394

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

CVE-2026-6394 Nexa Blocks <= 1.1.1 - Unauthenticated Blind Server-Side Request Forgery via 'demo_json_file' Parameter

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl

Resolution SillyTavern 1.18.0 added a generic server-side request filter Private Request Whitelisting. Since we expect users to use the application in a trusted environment, the filter is disabled by default, however it is strongly advised to be enabled and properly configured when an instance is...

GHSA-QG89-QWWH-5F3J SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl

Resolution SillyTavern 1.18.0 added a generic server-side request filter Private Request Whitelisting. Since we expect users to use the application in a trusted environment, the filter is disabled by default, however it is strongly advised to be enabled and properly configured when an instance is...

EUVD-2026-30956

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...

EUVD-2026-30957

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the remoteurl parameter in the remote directory scan endpoint POST /v1/iac/iacVersion/cloud/remote/dir/scan when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL...

CVE-2026-47356

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the webhookurl parameter in the file scan endpoint POST /v1/iac/iacVersion/cloud/local/file/scan when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhookurl multipa...

GHSA-J3FJ-QPPJ-FMMC Mailpit has an incomplete fix for GHSA-6jxm: HTML check still permits SSRF to private/loopback/IMDS via missing IP-filter dialer

Summary The fix for GHSA-6jxm-fv7w-rw5j CVE-2026-23845, "Server-Side Request Forgery SSRF via HTML Check API", shipped in mailpit v1.28.3, hardened internal/htmlcheck/css.go::downloadCSSToBytes with a 5MB size cap, a text/css content-type check, login-info stripping in isValidURL, and an opt-in...

Server-side Request Forgery (SSRF)

Overview @haxtheweb/open-apis is a Shared API infrastructure for HAXTheWeb advanced capabilities like importing, parsing, analysis, migration Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper hostname validation in the cacheAddress, JOSHelpers, and...

CVE-2026-31910

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

CVE-2026-29226

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

CVE-2026-29226

CVE-2026-29226 describes a Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz triggered via Content component operations. Affected versions are before 24.09.06. The recommended remediation is to upgrade to version 24.09.06, which fixes the issue. The available connected sources conf...