Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2026-45401

๐Ÿ—“๏ธย 15 May 2026ย 20:37:29Reported byย GitHub_MTypeย 
cve
ย cve๐Ÿ”—ย web.nvd.nist.gov๐Ÿ‘ย 18ย Views๐ŸŒ WEB

CVE-2026-45401 Open WebUI SSRF via redirects; 0.9.5 fixes bypass of private address and metadata address blocklists.

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
ATTACKERKB		CVE-2026-45401
15 May 202620:37
โ€“attackerkb
Circl		CVE-2026-45401
10 May 202619:43
โ€“circl
CNNVD		Open WebUI ไปฃ็ ้—ฎ้ข˜ๆผๆดž
15 May 202600:00
โ€“cnnvd
Cvelist		CVE-2026-45401 Open WebUI: SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints
15 May 202620:37
โ€“cvelist
EUVD		EUVD-2026-30631
15 May 202620:37
โ€“euvd
Github Security Blog		Open WebUI has a SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints (not addressed by CVE-2025-65958)
14 May 202620:27
โ€“github
NVD		CVE-2026-45401
15 May 202621:16
โ€“nvd
Tenable Nessus		Open WebUI < 0.9.5 Multiple Vulnerabilities
15 May 202600:00
โ€“nessus
OSV		GHSA-RH5X-H6PP-CJJ6 Open WebUI has a SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints (not addressed by CVE-2025-65958)
14 May 202620:27
โ€“osv
Positive Technologies		PT-2026-41196
14 May 202600:00
โ€“ptsecurity
Rows per page
NVD
Vulners
Node
openwebuiopen_webuiRange<0.9.5
[
  {
    "vendor": "open-webui",
    "product": "open-webui",
    "versions": [
      {
        "version": "< 0.9.5",
        "status": "affected"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
urlrequest body/api/v1/retrieval/process/webPublic URL submitted that 302-redirects to private/internal IPs can be used to read internal response bodies through this endpoint.CWE-918
image_urlrequest body/api/chat/completionsImage URL content in chat completions can expose internal responses if redirects point to internal addresses.CWE-918

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
19 May 2026 12:07Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.18.5
EPSS0.00039
SSVC
CWE-918
open webuissrf vulnerabilityhttp redirectsprivate address blocklistmetadata address blocklistweb fetchimage load endpointsapi retrieval endpoint
18