Safeguard
Tag

ssrf

Safeguard articles tagged "ssrf" — guides, analysis, and best practices for software supply chain and application security.

25 articles

Vulnerability Guides

What is SSRF (Server-Side Request Forgery)?

Server-side request forgery tricks your own backend into making attacker-chosen requests — often against internal systems it should never reach. Here's how SSRF works and how to shut it down.

Jul 1, 20265 min read
Application Security

Securing Next.js applications and middleware

CVE-2025-29927 let attackers bypass Next.js middleware auth with one header. Here's how that and three other real CVEs expose middleware, Server Actions, and caching.

May 24, 20267 min read
Vulnerability Analysis

What is Server-Side Request Forgery (SSRF)

SSRF turns a server's own trusted network position against it. Learn how the Capital One breach happened, real CVEs, and how to detect and prevent it.

Mar 31, 20266 min read
Application Security

OWASP API Security Top 10 Explained

The 2023 OWASP API Security Top 10 explained with real breaches — T-Mobile, Optus, Peloton — plus what changed since 2019 and how to prioritize fixes.

Mar 10, 20267 min read
Application Security

Unsafe Consumption of APIs

OWASP's API10:2023 exposes a blind spot: teams sanitize user input but blindly trust API responses from partners, vendors, and internal services.

Mar 9, 20267 min read
Vulnerability Analysis

Python urllib.parse NFKC normalization blocklist bypass (CVE-2023-24329)

CVE-2023-24329 let attackers bypass URL blocklists via leading blank characters in Python's urllib.parse, enabling SSRF and filter evasion.

Dec 29, 20257 min read
Vulnerability Analysis

Server-Side Request Forgery (SSRF): how it works and how to prevent it

SSRF turns a server into an attacker's proxy into your internal network. Here's how it works, what Capital One's breach taught the industry, and how to stop it.

Dec 14, 20256 min read
Vulnerability Analysis

SSRF via webhooks explained

Webhook SSRF turns a trusted callback feature into an internal network foothold. Here is how the attack works, real incidents, and how to actually fix it.

Dec 4, 20257 min read
Vulnerability Analysis

CVE-2023-26159: SSRF/credential exposure in follow-redire...

CVE-2023-26159 shows how flawed URL parsing in follow-redirects let attackers trigger SSRF and leak Authorization headers across unintended hosts.

Oct 12, 20257 min read
Cloud Security

Pandoc CVE-2025-51591: SSRF Against EC2 Metadata in the Wild

Wiz documented active exploitation of Pandoc CVE-2025-51591 to reach the AWS IMDS through iframe rendering. Here is the kill chain and the production controls that contained it.

Sep 30, 20256 min read
Vulnerability Analysis

Commvault CVE-2025-34028: SSRF to RCE in Enterprise Backup Software

A critical SSRF vulnerability in Commvault Command Center allowed unauthenticated attackers to achieve remote code execution on backup infrastructure. CISA added it to the KEV catalog.

May 1, 20255 min read
Code Security

Server-Side Request Forgery (SSRF): The Vulnerability That Unlocks Cloud Metadata

SSRF lets attackers reach internal services through your application. In cloud environments, that often means access to instance metadata and IAM credentials.

Jun 18, 20236 min read
ssrf (Page 2) — Safeguard Blog