diff --git a/library/vulnerabilities/ssrf/isRequestToItself.ts b/library/vulnerabilities/ssrf/isRequestToItself.ts
index ddf5c4f1..e763bc29 100644
--- a/library/vulnerabilities/ssrf/isRequestToItself.ts
+++ b/library/vulnerabilities/ssrf/isRequestToItself.ts
@@ -12,7 +12,7 @@ export function isRequestToItself({
   port: number | undefined;
   paths: string[];
 }): boolean {
-  if (source !== "headers" || typeof port !== "number") {
+  if (source !== "headers" || typeof port !== "number" || paths.length === 0) {
     return false;
   }