CVE-2026-45400
Open WebUI: Server-Side Request Forgery (SSRF) bypass in `validate_url`
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, a parsing difference between the urlparse and requests libraries led to an SSRF bypass vulnerability. This vulnerability is fixed in 0.9.5.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Productos afectados
open-webui · open-webui¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →