CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Server-side request forgery vulnerabilities

SSRF37 advisories17 exploitedlatest 2026-07-08

Server-side request forgery tricks a server into making requests on the attacker’s behalf — reaching internal services, cloud metadata endpoints, or admin APIs that are unreachable from outside. In cloud environments SSRF is a credential-theft primitive, and it chains naturally with other bugs into full compromise.

Classification is assigned by the CSIRTS enrichment pipeline from the advisory text. The list below shows the latest advisories tagged server-side request forgery, newest first, across national CERTs, vendor PSIRTs and vulnerability databases — exploited marks CVEs in the CISA KEV catalog.

Latest server-side request forgery advisories

Other vulnerability classes

Remote code execution (988)Privilege escalation (451)Authentication bypass (366)Denial of service (600)Information disclosure (405)Memory corruption (244)Path traversal (100)Code injection (92)Cross-site scripting (110)Unsafe deserialization (49)SQL injection (51)