9226 matches found

OSV
added 2026/02/19 10:49 p.m. | 4 views

CVE-2026-26324 OpenClaw has a SSRF guard bypass via full-form IPv4-mapped IPv6 (loopback / metadata reachable)

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, OpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped IPv6 literals such as 0:0:0:0:0:ffff:7f00:1 (which is 127.0.0.1). This could allow requests that should be blocked (loopback / private network / link-local metada...

CVSS 7.5 | AI score 5.5 | EPSS 0.00391
Exploits: 0 | References: 5

NVD
added 2026/02/19 6:24 p.m. | 7 views

CVE-2026-26338

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side request forgery (SSRF) through the document processing functionality...

CVSS 9.8 | EPSS 0.0036
Exploits: 0 | References: 3

OSV
added 2026/02/19 6:24 p.m. | 6 views

CVE-2026-26338

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side request forgery (SSRF) through the document processing functionality...

CVSS 9.8 | AI score 5.8 | EPSS 0.00544
Exploits: 0 | References: 3

NVD
added 2026/02/19 4:27 p.m. | 6 views

CVE-2026-2274

A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23 allows an authenticated remote attacker to read sensitive local files and access internal network resources via crafted requests to the production cluster. This vulnerability was patched and no...

CVSS 8.5 | EPSS 0.00252
Exploits: 0 | References: 1

NVD
added 2026/02/19 3:16 p.m. | 6 views

CVE-2025-55853

SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery (SSRF). The PDF converter function does not check if internal or external resources are requested in the uploaded files and allows for protocols such as http:// and file:///. This allows an attacker to upload an XML or HTM...

CVSS 9.1 | EPSS 0.00373
Exploits: 1 | References: 2

CVE
added 2026/02/19 8:27 a.m. | 15 views

CVE-2026-25428

The provided connected sources document a concrete vulnerability: WordPress TS Poll plugin (poll-wp) versions up to and including 2.5.5 have a Server-Side Request Forgery (SSRF) flaw. The root cause is not elaborated beyond the SSRF condition, and there is no explicit exploit code or in-the-wild ...

CVSS 4.4 | AI score 5.4 | EPSS 0.00199
Exploits: 0 | References: 1

Cvelist
added 2026/02/19 8:26 a.m. | 30 views

CVE-2026-25310 WordPress Extend Link plugin <= 2.0.0 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Alobaidi Extend Link extend-link allows Server Side Request Forgery. This issue affects Extend Link: from n/a through <= 2.0.0...

CVSS 4.9 | EPSS 0.00184
Exploits: 0 | References: 1

Cvelist
added 2026/02/19 8:26 a.m. | 27 views

CVE-2026-23803 WordPress Smart Auto Upload Images plugin <= 1.2.2 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Burhan Nasir Smart Auto Upload Images smart-auto-upload-images allows Server Side Request Forgery. This issue affects Smart Auto Upload Images: from n/a through <= 1.2.2...

CVSS 6.4 | EPSS 0.00245
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/19 8:26 a.m. | 3 views

CVE-2026-23803

Server-Side Request Forgery (SSRF) vulnerability in Burhan Nasir Smart Auto Upload Images smart-auto-upload-images allows Server Side Request Forgery. This issue affects Smart Auto Upload Images: from n/a through <= 1.2.2...

AI score 5.5 | EPSS 0.00245
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/19 12:0 a.m. | 5 views

PT-2026-20650

Name of the Vulnerable Software and Affected Versions: zhutoutoutousan worldquant-miner versions through 1.0.9. Description: A server-side request forgery issue exists in zhutoutoutousan worldquant-miner. The issue is related to the manipulation of the make request argument within an unknown functio...

CVSS 6.3 | AI score 5.9 | EPSS 0.00354
Exploits: 0 | References: 12

Positive Technologies
added 2026/02/19 12:0 a.m. | 5 views

PT-2026-20682

Server-Side Request Forgery (SSRF) vulnerability in Alobaidi Extend Link extend-link allows Server Side Request Forgery. This issue affects Extend Link: from n/a through <= 2.0.0...

AI score 5.5 | EPSS 0.00184
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/19 12:0 a.m. | 8 views

PT-2026-20946

Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery. The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server. This issue affects XM Fax: 24.2...

CVSS 5.3 | AI score 5.5 | EPSS 0.00163
Exploits: 0 | References: 2

ATTACKERKB
added 2026/02/18 8:44 p.m. | 3 views

CVE-2026-1999

A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to access internal services bound to loopback or unspecified addresses, potentially disrupting background job processing, accessing administrative endpoints, metrics, and...

CVSS 7.2 | AI score 5.9 | EPSS 0.00235
Exploits: 0 | References: 10 | Affected Software: 1

Github Security Blog
added 2026/02/18 5:45 p.m. | 33 views

OpenClaw has two SSRF via sendMediaFeishu and markdown image fetching in Feishu extension

Summary The Feishu extension could fetch attacker-controlled remote URLs in two paths without SSRF protections: - sendMediaFeishumediaUrl - Feishu DocX markdown image URLs write/append - image processing Affected versions - = 2026.2.14 Impact If an attacker can influence tool calls directly or vi...

CVSS 9.3 | AI score 5.6 | EPSS 0.00275
Exploits: 0 | References: 7 | Affected Software: 1

OSV
added 2026/02/18 2:16 p.m. | 3 views

CVE-2026-2654

A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 5

Snyk
added 2026/02/18 12:56 a.m. | 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the webhooks process. An attacker can access internal network resources and extract sensitive information by submitting crafted webhook URLs that resolve to internal IP addresses, causing the server ...

CVSS 7.2 | AI score 5.5 | EPSS 0.00061
Exploits: 0 | References: 3

CNNVD
added 2026/02/18 12:0 a.m. | 4 views

NetApp StorageGRID security vulnerability

NetApp StorageGRID is an object storage solution developed by the American network device company NetApp. Versions of NetApp StorageGRID prior to 11.9.0.12 and 12.0.0.4 contained security vulnerabilities. These vulnerabilities stemmed from a server-side request forgery vulnerability when...

CVSS 7.1 | AI score 5.8 | EPSS 0.00271
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/18 12:0 a.m. | 10 views

PT-2026-23529

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.14. Description: The Feishu extension in OpenClaw is susceptible to server-side request forgery (SSRF). This allows attackers to retrieve content from attacker-controlled remote URLs without proper SSRF protection...

CVSS 8.6 | AI score 5.8 | EPSS 0.00275
Exploits: 0 | References: 9

ATTACKERKB
added 2026/02/17 11:1 p.m. | 3 views

CVE-2026-22048

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID (formerly Azure AD) as an IdP are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. Successful exploit could allow an authenticated...

CVSS 7.1 | AI score 5.5 | EPSS 0.00271
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/02/17 11:1 p.m. | 12 views

CVE-2026-22048

StorageGRID (formerly StorageGRID Webscale) is affected in versions prior to 11.9.0.12 and 12.0.0.4 when Single Sign-On is enabled and configured to use Microsoft Entra ID as the IdP. An authenticated attacker with low privileges could exploit a Server-Side Request Forgery (SSRF) vulnerability to...

CVSS 7.1 | AI score 5.5 | EPSS 0.00271
Exploits: 0 | References: 1