CVE-2026-27808: SSRF Insecure Transport
Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | Go | β

greprules fetch cve-2026-27808-ssrf-insecure-transport --engine opengrep

Description
An `http.Client` is configured with an `http.Transport` that does not define `DialContext` or `Dial`. When used to fetch dynamically-provided URLs, the client can dial internal or private IP addresses, exposing the application to Server-Side Request Forgery (SSRF). Ensure a protective `DialContext` is set.
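One way to set a protective `DialContext`, as an added example that is not part of the rule or of any project it was derived from. The names `isPublic`, `checkAddr`, `NewSafeClient` and `ErrBlockedAddr` are illustrative, and the blocked ranges are an assumed baseline policy.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"syscall"
	"time"
)

// Added example; all identifiers below are illustrative, not from the rule.
var ErrBlockedAddr = errors.New("ssrf guard: destination address not allowed")

// isPublic reports whether ip is a globally routable unicast address.
func isPublic(ip netip.Addr) bool {
	ip = ip.Unmap() // treat ::ffff:10.0.0.1 as 10.0.0.1
	return ip.IsValid() && ip.IsGlobalUnicast() && !ip.IsPrivate() &&
		!ip.IsLoopback() && !ip.IsLinkLocalUnicast()
}

// checkAddr runs as net.Dialer.Control: after DNS resolution and just before
// connect, so it judges the resolved IP rather than the hostname in the URL.
func checkAddr(network, address string, _ syscall.RawConn) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil {
		return fmt.Errorf("%w: %v", ErrBlockedAddr, err)
	}
	if !isPublic(ap.Addr()) {
		return fmt.Errorf("%w: %s", ErrBlockedAddr, ap.Addr())
	}
	return nil
}

// NewSafeClient returns a client whose Transport defines DialContext.
func NewSafeClient() *http.Client {
	d := &net.Dialer{Timeout: 5 * time.Second, Control: checkAddr}
	return &http.Client{
		Timeout:   10 * time.Second,
		Transport: &http.Transport{DialContext: d.DialContext}, // Proxy left nil on purpose
	}
}

func main() {
	_, err := NewSafeClient().Get("http://127.0.0.1:9/") // constructed internal URL
	fmt.Println(errors.Is(err, ErrBlockedAddr), err)
}
```

Because the check sits in the dialer, every redirect hop is validated as well. `IsPrivate` covers only RFC 1918 and `fc00::/7`, so extend `isPublic` for other ranges your environment treats as internal, such as `100.64.0.0/10`.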