https://appsec.fyi/ssrf.html Curated SSRF resources from appsec.fyi en-us Sun, 12 Apr 2026 04:12:19 +0000 carl@chs.us (Carl Sampson) https://x.com/pulsepatchio/status/2043165028501647442 https://x.com/pulsepatchio/status/2043165028501647442 `Flowise` is affected by a Server-Side Request Forgery (SSRF) vulnerability (CVE-2026-31829) in its HTTP Node, potentially allowing internal network access. Investigate network segmentation and outbou... SSRF Sun, 12 Apr 2026 03:23:20 +0000 https://x.com/SOE_Expeditions/status/2042876556788322507 https://x.com/SOE_Expeditions/status/2042876556788322507 Gus March-Phillipps led the SSRF into the darkness with nerves of steel. Gone but not forgotten RiP Warriors. Come follow in their footsteps. soeexpeditions.com soeexpeditions.com/ssrf-jersey-1 #ssrf ... SSRF Sat, 11 Apr 2026 08:08:29 +0000 https://x.com/pulsepatchio/status/2042796432785043871 https://x.com/pulsepatchio/status/2042796432785043871 A NO_PROXY hostname normalization bypass (CVE-2025-62718) in `Axios` could lead to SSRF. Implement strict input validation and monitor for patches. #Axios #SSRF #infosec pulsepatch.io/posts/cve-2025… ... SSRF Sat, 11 Apr 2026 03:03:37 +0000 https://x.com/SOE_Expeditions/status/2042514343737082234 https://x.com/SOE_Expeditions/status/2042514343737082234 Anders Lassen: Legend of the SSRF. Every mission was a dance with destiny in the Channel Islands. Gone but not forgotten RiP Warriors. Walk in their footsteps: soeexpeditions.com/ssrf-jersey-1 soeexpe... SSRF Fri, 10 Apr 2026 08:18:40 +0000 https://hackerone.com/reports/341876 https://hackerone.com/reports/341876 HackerOne: SSRF in Exchange Leads to ROOT (Shopify) SSRF Fri, 10 Apr 2026 01:59:39 +0000 https://media.defcon.org/DEF%20CON%2027/DEF%20CON%2027%20presentations/DEFCON-27-Ben-Sadeghipour-Owning-the-clout-through-SSRF-and-PDF-generators.pdf https://media.defcon.org/DEF%20CON%2027/DEF%20CON%2027%20presentations/DEFCON-27-Ben-Sadeghipour-Owning-the-clout-through-SSRF-and-PDF-generators.pdf DEF CON 27: Owning the Clout Through SSRF and PDF Generators SSRF Fri, 10 Apr 2026 01:59:38 +0000 https://pentesterlab.com/exercises/pdf_ssrf https://pentesterlab.com/exercises/pdf_ssrf PentesterLab: SSRF in PDF Generation SSRF Fri, 10 Apr 2026 01:59:37 +0000 https://medium.com/@rkvb/the-ultimate-sink-for-ssrfs-html-to-pdf-converters-353b66398f52 https://medium.com/@rkvb/the-ultimate-sink-for-ssrfs-html-to-pdf-converters-353b66398f52 The Ultimate Sink for SSRFs: HTML To PDF Converters SSRF Fri, 10 Apr 2026 01:59:36 +0000 https://www.hoyahaxa.com/2025/01/an-ssrf-to-lfi-payload-for-pdf.html https://www.hoyahaxa.com/2025/01/an-ssrf-to-lfi-payload-for-pdf.html SSRF to LFI Payload for PDF Generators (CVE-2024-34112) SSRF Fri, 10 Apr 2026 01:59:36 +0000 https://www.intigriti.com/researchers/blog/hacking-tools/exploiting-pdf-generators-a-complete-guide-to-finding-ssrf-vulnerabilities-in-pdf-generators https://www.intigriti.com/researchers/blog/hacking-tools/exploiting-pdf-generators-a-complete-guide-to-finding-ssrf-vulnerabilities-in-pdf-generators Exploiting PDF Generators: Complete Guide to SSRF SSRF Fri, 10 Apr 2026 01:59:35 +0000 https://medium.com/@okanyildiz1994/mastering-ssrf-vulnerabilities-an-ultra-extensive-guide-to-understanding-and-mitigating-43aa09a8df08 https://medium.com/@okanyildiz1994/mastering-ssrf-vulnerabilities-an-ultra-extensive-guide-to-understanding-and-mitigating-43aa09a8df08 Mastering SSRF: Ultra-Extensive Guide SSRF Fri, 10 Apr 2026 01:59:34 +0000 https://github.com/salesforce/metabadger https://github.com/salesforce/metabadger Metabadger: Prevent SSRF via Automated IMDSv2 Upgrades SSRF Fri, 10 Apr 2026 01:59:33 +0000 https://oneuptime.com/blog/post/2026-02-12-use-imdsv2-for-secure-instance-metadata-access/view https://oneuptime.com/blog/post/2026-02-12-use-imdsv2-for-secure-instance-metadata-access/view How to Use IMDSv2 for Secure Instance Metadata Access SSRF Fri, 10 Apr 2026 01:59:33 +0000 https://zus3c.medium.com/ssrf-cheat-sheet-2025-latest-exploits-defenses-real-world-case-studies-6f028d121455 https://zus3c.medium.com/ssrf-cheat-sheet-2025-latest-exploits-defenses-real-world-case-studies-6f028d121455 SSRF Cheat Sheet 2025: Exploits, Defenses & Case Studies SSRF Fri, 10 Apr 2026 01:59:32 +0000 https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/ https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/ AWS Defense in Depth Against SSRF with EC2 IMDS SSRF Fri, 10 Apr 2026 01:59:31 +0000 https://cybersecurity88.com/news/cve-2025-51591-new-ssrf-exploit-targets-aws-instance-metadata-service/ https://cybersecurity88.com/news/cve-2025-51591-new-ssrf-exploit-targets-aws-instance-metadata-service/ CVE-2025-51591: SSRF Exploit Targets AWS Instance Metadata Service SSRF Fri, 10 Apr 2026 01:59:31 +0000 https://securitywall.co/blog/cloud-penetration-testing-aws-azure-gcp-guide-2026 https://securitywall.co/blog/cloud-penetration-testing-aws-azure-gcp-guide-2026 Cloud Penetration Testing: AWS, Azure & GCP Guide (2026) SSRF Fri, 10 Apr 2026 01:59:30 +0000 https://www.tenable.com/security/research/tra-2025-45 https://www.tenable.com/security/research/tra-2025-45 GCP SSRF on Action Hub Extension - Tenable SSRF Fri, 10 Apr 2026 01:59:29 +0000 https://unit42.paloaltonetworks.com/server-side-request-forgery-exposes-data-of-technology-industrial-and-media-organizations/ https://unit42.paloaltonetworks.com/server-side-request-forgery-exposes-data-of-technology-industrial-and-media-organizations/ SSRF Exposes Data of Technology, Industrial and Media Organizations SSRF Fri, 10 Apr 2026 01:59:28 +0000 https://madhuakula.com/kubernetes-goat/docs/scenarios/scenario-3/ssrf-in-the-kubernetes-world/welcome/ https://madhuakula.com/kubernetes-goat/docs/scenarios/scenario-3/ssrf-in-the-kubernetes-world/welcome/ SSRF in the Kubernetes World - Kubernetes Goat SSRF Fri, 10 Apr 2026 01:59:28 +0000 https://blog.nashtechglobal.com/exploiting-ssrf-in-cloud-only-environments-a-deep-dive/ https://blog.nashtechglobal.com/exploiting-ssrf-in-cloud-only-environments-a-deep-dive/ Exploiting SSRF in Cloud-Only Environments: A Deep Dive SSRF Fri, 10 Apr 2026 01:59:27 +0000 https://www.penligent.ai/hackinglabs/private-ip-addresses-deep-dive-security-risks-ssrf-and-modern-exploitation/ https://www.penligent.ai/hackinglabs/private-ip-addresses-deep-dive-security-risks-ssrf-and-modern-exploitation/ Private IP Addresses Deep Dive: Security Risks, SSRF, and Exploitation SSRF Fri, 10 Apr 2026 01:59:26 +0000 https://www.thehackerwire.com/fastgpt-critical-ssrf-via-unauthenticated-http-proxy-endpoint/ https://www.thehackerwire.com/fastgpt-critical-ssrf-via-unauthenticated-http-proxy-endpoint/ FastGPT Critical SSRF via Unauthenticated HTTP Proxy Endpoint SSRF Fri, 10 Apr 2026 01:59:25 +0000 https://radar.offseq.com/threat/cve-2026-35572-cwe-918-server-side-request-forgery-9880f733 https://radar.offseq.com/threat/cve-2026-35572-cwe-918-server-side-request-forgery-9880f733 CVE-2026-35572: SSRF in ChurchCRM SSRF Fri, 10 Apr 2026 01:59:25 +0000 https://radar.offseq.com/threat/cve-2026-34936-cwe-918-server-side-request-forgery-f70ae3e4 https://radar.offseq.com/threat/cve-2026-34936-cwe-918-server-side-request-forgery-f70ae3e4 CVE-2026-34936: SSRF in PraisonAI SSRF Fri, 10 Apr 2026 01:59:24 +0000 https://radar.offseq.com/threat/cve-2026-39368-cwe-918-server-side-request-forgery-41ed5d8d https://radar.offseq.com/threat/cve-2026-39368-cwe-918-server-side-request-forgery-41ed5d8d CVE-2026-39368: SSRF in WWBN AVideo SSRF Fri, 10 Apr 2026 01:59:23 +0000 https://radar.offseq.com/threat/cve-2026-33182-cwe-918-server-side-request-forgery-18e7372d https://radar.offseq.com/threat/cve-2026-33182-cwe-918-server-side-request-forgery-18e7372d CVE-2026-33182: SSRF in Saloon PHP Library SSRF Fri, 10 Apr 2026 01:59:22 +0000 https://dailycve.com/soft-serve-server-side-request-forgery-ssrf-cve-2026-30832-critical/ https://dailycve.com/soft-serve-server-side-request-forgery-ssrf-cve-2026-30832-critical/ CVE-2026-30832: Critical SSRF in Soft Serve SSRF Fri, 10 Apr 2026 01:59:22 +0000 https://shivxtar.medium.com/blind-ssrf-with-burp-collaborator-7c2608fcfb73 https://shivxtar.medium.com/blind-ssrf-with-burp-collaborator-7c2608fcfb73 Blind SSRF with Burp Collaborator SSRF Fri, 10 Apr 2026 01:59:21 +0000 https://safe.security/wp-content/uploads/blind-ssrf.pdf https://safe.security/wp-content/uploads/blind-ssrf.pdf Blind SSRF with Shellshock Exploitation SSRF Fri, 10 Apr 2026 01:59:20 +0000 https://undercodetesting.com/mastering-blind-ssrf-detection-with-burp-suite-a-step-by-step-guide/ https://undercodetesting.com/mastering-blind-ssrf-detection-with-burp-suite-a-step-by-step-guide/ Mastering Blind SSRF Detection With Burp Suite SSRF Fri, 10 Apr 2026 01:59:19 +0000 https://portswigger.net/burp/documentation/desktop/testing-workflow/ssrf/testing-for-blind-ssrf https://portswigger.net/burp/documentation/desktop/testing-workflow/ssrf/testing-for-blind-ssrf Testing for Blind SSRF with Burp Suite SSRF Fri, 10 Apr 2026 01:59:19 +0000 https://portswigger.net/web-security/ssrf/blind/lab-out-of-band-detection https://portswigger.net/web-security/ssrf/blind/lab-out-of-band-detection Blind SSRF Lab: Out-of-Band Detection SSRF Fri, 10 Apr 2026 01:59:18 +0000 https://portswigger.net/web-security/ssrf/blind https://portswigger.net/web-security/ssrf/blind Blind SSRF Vulnerabilities - PortSwigger SSRF Fri, 10 Apr 2026 01:59:17 +0000 https://medium.com/@patilvinay199/uncovering-for-blind-ssrf-using-burp-collaborator-5dd34342d62b https://medium.com/@patilvinay199/uncovering-for-blind-ssrf-using-burp-collaborator-5dd34342d62b Uncovering Blind SSRF Using Burp Collaborator SSRF Fri, 10 Apr 2026 01:59:16 +0000 https://medium.com/@0xUN7H1NK4BLE/how-ssrf-leads-to-rce-in-a-net-application-ee1b13812245 https://medium.com/@0xUN7H1NK4BLE/how-ssrf-leads-to-rce-in-a-net-application-ee1b13812245 How SSRF Leads to RCE in a .NET Application SSRF Fri, 10 Apr 2026 01:59:15 +0000 https://infosecwriteups.com/from-ssrf-to-rce-a-7-step-chain-against-posthog-d0954b3f26b0 https://infosecwriteups.com/from-ssrf-to-rce-a-7-step-chain-against-posthog-d0954b3f26b0 From SSRF to RCE: A 7-Step Chain Against PostHog SSRF Fri, 10 Apr 2026 01:59:15 +0000 https://pluto.security/blog/mcpwnfluence-cve-2026-27825-critical/ https://pluto.security/blog/mcpwnfluence-cve-2026-27825-critical/ MCPwnfluence: SSRF to RCE in Atlassian MCP Server (Pluto Security) SSRF Fri, 10 Apr 2026 01:59:14 +0000 https://www.resecurity.com/blog/article/blind-ssrf-to-rce-vulnerability-exploitation https://www.resecurity.com/blog/article/blind-ssrf-to-rce-vulnerability-exploitation Blind SSRF to RCE Vulnerability Exploitation SSRF Fri, 10 Apr 2026 01:59:13 +0000 https://medium.com/@Aacle/server-side-request-forgery-ssrf-from-ping-to-rce-6ac95bf4e489 https://medium.com/@Aacle/server-side-request-forgery-ssrf-from-ping-to-rce-6ac95bf4e489 SSRF: From Ping to RCE SSRF Fri, 10 Apr 2026 01:59:12 +0000 https://blog.pluto.security/p/mcpwnfluence-cve-2026-27825-critical https://blog.pluto.security/p/mcpwnfluence-cve-2026-27825-critical MCPwnfluence: Critical SSRF to RCE in mcp-atlassian (Pluto Security) SSRF Fri, 10 Apr 2026 01:59:12 +0000 https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr MindsDB: Bypass SSRF Protection with DNS Rebinding SSRF Fri, 10 Apr 2026 01:59:11 +0000 https://cvereports.com/reports/CVE-2026-27127 https://cvereports.com/reports/CVE-2026-27127 CVE-2026-27127: Weaponizing DNS Rebinding to Bypass SSRF Filters in Craft CMS SSRF Fri, 10 Apr 2026 01:59:10 +0000 https://www.nodejs-security.com/blog/bypassing-ssrf-protection-nossrf https://www.nodejs-security.com/blog/bypassing-ssrf-protection-nossrf Bypassing SSRF Protection in nossrf: When Safeguards Become Loopholes SSRF Fri, 10 Apr 2026 01:59:10 +0000 https://blog.cyberadvisors.com/technical-blog/blog/using-dns-to-bypass-ssrf-protections https://blog.cyberadvisors.com/technical-blog/blog/using-dns-to-bypass-ssrf-protections Using DNS To Bypass SSRF Protections SSRF Fri, 10 Apr 2026 01:59:09 +0000 https://advisories.gitlab.com/pkg/composer/craftcms/cms/CVE-2026-27127/ https://advisories.gitlab.com/pkg/composer/craftcms/cms/CVE-2026-27127/ CVE-2026-27127: Craft CMS Cloud Metadata SSRF via DNS Rebinding SSRF Fri, 10 Apr 2026 01:59:08 +0000 https://hackerone.com/reports/1369312 https://hackerone.com/reports/1369312 HackerOne: SSRF Mitigation Bypass Using DNS Rebind Attack SSRF Fri, 10 Apr 2026 01:59:07 +0000 https://www.clear-gate.com/blog/ssrf-with-dns-rebinding-2/ https://www.clear-gate.com/blog/ssrf-with-dns-rebinding-2/ SSRF with DNS Rebinding - Clear Gate SSRF Fri, 10 Apr 2026 01:59:07 +0000 https://h3des.medium.com/bypass-ssrf-with-dns-rebinding-6811093fceb0 https://h3des.medium.com/bypass-ssrf-with-dns-rebinding-6811093fceb0 Bypass SSRF with DNS Rebinding SSRF Fri, 10 Apr 2026 01:59:06 +0000 https://bugbounty.meta.com/payout-guidelines/ssrf/ https://bugbounty.meta.com/payout-guidelines/ssrf/ Meta Bug Bounty: SSRF Payout Guidelines SSRF Fri, 10 Apr 2026 01:59:05 +0000