◈ AI Security Intelligence ← All terms
Attack  ·  Glossary

Server-side request forgery (SSRF) in AI platforms

Definition
An attack where a maliciously crafted request tricks an AI platform's server into making internal network calls on the attacker's behalf — reaching systems that are normally hidden behind a firewall, including cloud credential stores (AWS/GCP/Azure metadata endpoints), internal databases, and AI model servers. The attacker never directly touches those internal systems; they use the AI server as a proxy.
Why it matters
AI platforms are designed to connect to data sources everywhere, making them natural pivots for SSRF attacks; a single exploitable AI tool can expose an entire cloud environment's credentials and internal services. Multiple platforms in our recent findings — ToolJet, LibreChat, Mattermost, Crawl4AI, LiteLLM — were all vulnerable simultaneously.
Demonstrated by recent findings
ToolJet AI Platform — SSRF in RestAPI Data Source via Private IP Filter BypassLibreChat — SSRF via User-Configured baseURL with No Private IP or Scheme ValidationMattermost Agents MCP Plugin — SSRF via Unvalidated Attachment URLs Allows Internal Network AccessCrawl4AI Docker API — Proxy SSRF Bypass Reaches Internal Network (CVSS 8.6)LiteLLM MCP Server — Server-Side Request Forgery via _execute_with_mcp_client (CVE-2026-12774)
References
OWASP API Security Top 10 — API7:2023 Server-Side Request Forgery
Track this in the live feed See how this plays out in real AI security and governance developments.
Open the feed →