CWE-918

SSRF in LLM toolkit accesses arbitrary URLs for images, as exploited in the wild in April 2026 to conduct port scanning [REF-1519]

SSRF in LLM application development framework because the URL retriever allows connections to local addresses using a crafted Location header

Chain: LLM integration framework has prompt injection (CWE-1427) that allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF (CWE-918) and potentially injecting content into downstream tasks.

Server Side Request Forgery (SSRF) in mail server, as exploited in the wild per CISA KEV.

Server Side Request Forgery in cloud platform, as exploited in the wild per CISA KEV.

Chain: incorrect validation of intended decimal-based IP address format (CWE-1286) enables parsing of octal or hexadecimal formats (CWE-1389), allowing bypass of an SSRF protection mechanism (CWE-918).

Web server allows attackers to request a URL from another server, including other ports, which allows proxied scanning.

CGI script accepts and retrieves incoming URLs.

Web-based mail program allows internal network scanning using a modified POP3 port number.

URL-downloading library automatically follows redirects to file:// and scp:// URLs