What the vulnerability does
01Description
SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses
CVE-2022-1722
HIGH
CVE-2022-1722: SSRF in editor's proxy via IPv6 link-local address in jgraph/drawio
CVSS base score
7.5/10
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
Key dates
02Disclosure timeline
May 16, 2022
CVE published
August 3, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-13281 Portworx Half-Blind SSRF in kube-controller-manager
CVE-2026-34504 OpenClaw < 2026.3.28 - Server-Side Request Forgery via Unguarded Image Download in fal Provider
CVE-2025-53767 Azure OpenAI Elevation of Privilege Vulnerability
CVE-2026-6394 Nexa Blocks <= 1.1.1 - Unauthenticated Blind Server-Side Request Forgery via 'demo_json_file' Parameter
CVE-2026-45660 Statamic: Server-Side Request Forgery via Glide
