CVE MEDIUM CVE-2026-3340

Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading

CVSS 6.5 langflow

OpenClaw: QQBot direct media upload skipped URL SSRF validation

used by get_num_tokens_from_messages for image token counting) validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS resolution. This

CVSS 3.1 langchain
CVE MEDIUM CVE-2026-41481

attacker-controlled server could redirect to internal, localhost, or cloud metadata endpoints, bypassing SSRF protections. The resp

CVSS 6.5 langchain

core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Side Request Forgery (SSRF) contain multiple logic flaws. These flaws allow attackers to bypass the allow/deny lists via DNS Rebinding

CVSS 7.1 flowise

customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force

CVSS 8.3 flowise

OpenClaw: Browser snapshot and screenshot routes could expose internal page

Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure

CVSS 7.1 flowise-components

Flowise Execute Flow function has an SSRF vulnerability

flowise-components

PraisonAIAgents: SSRF via unvalidated URL in `web_crawl` httpx fallback

praisonaiagents
CVE MEDIUM CVE-2026-40115

PraisonAI has Unrestricted Upload Size in WSGI Recipe Registry Server

CVSS 6.2 PraisonAI

authenticated SSRF via instance-URL header in multi-tenant HTTP mode

CVSS 8.5 n8n-mcp
CVE MEDIUM CVE-2026-34753

vLLM: Server-Side Request Forgery (SSRF) in `download_bytes_from

CVSS 5.4 vllm
CVE MEDIUM CVE-2026-33682

prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attacker-supplied filesystem paths. In certain code

CVSS 4.7 Streamlit
CVE MEDIUM CVE-2026-33401

Prior to version 4.7.0, the patch introduced in commit e8a513591 (CVE-2026-30840) added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama

CVE MEDIUM CVE-2026-32041

allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including evaluate-capable actions without valid

CVSS 6.9 OpenClaw
CVE MEDIUM CVE-2026-32037

supply or influence attachment URLs to force redirects to non-allowlisted targets, bypassing SSRF boundary controls

CVSS 6.0 OpenClaw

range validation in the isPrivateIpv4() function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit web_fetch

CVSS 7.4 OpenClaw

forgery vulnerability in web_search citation redirect resolution that uses a private-network-allowing SSRF policy. An attacker who can influence citation redirect targets can trigger internal-network requests from

CVSS 7.4 OpenClaw

pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured. When HTTP_PROXY, HTTPS_PROXY, or ALL_PROXY environment

CVSS 7.6 OpenClaw