GHSA-v376-5ppg-xp5vMediumCVSS 5.0
Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1...
🔗 CVE IDs covered (1)
📋 Description
Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentially execute commands via instance secrets.
🔗 References (5)
- https://github.com/open-webui/open-webui/security/advisories/GHSA-82r6-c5jm-f3mw
- https://nvd.nist.gov/vuln/detail/CVE-2026-56399
- https://github.com/open-webui/open-webui/commit/02238d3113e966c353fce18f1b65117380896774
- https://www.vulncheck.com/advisories/open-webui-server-side-request-forgery-via-location-redirect-in-api-v1-retrieval-process-web
- https://github.com/advisories/GHSA-v376-5ppg-xp5v