2024 CWE Top 25 Most Dangerous Software Weaknesses: Server-Side Request Forgery (SSRF) CWE-918
At its core, SSRF arises when an attacker can manipulate a server to send HTTP requests to arbitrary destinations, often bypassing firewalls, access controls, and other security measures. The vulnerability stems from improper validation of user-supplied URLs or inputs that dictate server-side request behaviour.