Lucene search
K

4 matches found

Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50480

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description An issue exists where the process picture url function in backend/open webui/utils/oauth.py performs URL validation only on the initial URL. Subsequently, it uses aiohttp.ClientSession.get without...

8.5CVSS5.8AI score0.00203EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/05/15 8:37 p.m.68 views

CVE-2026-45401 Open WebUI: SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the validateurl function in backend/openwebui/retrieval/web/utils.py only validates the initial URL submitted by the caller. The HTTP clients used downstream sync requests, async...

8.5CVSS0.003EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2026/05/14 8:27 p.m.5 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45401 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45401 Source advisory: SNYK:PYTHON-OPENWEBUI-16735624...

8.5CVSS7.2AI score0.003EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/14 8:27 p.m.6 views

hubzoid (>=0.2.2 <=0.6.0), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-45401 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-45401 Source advisory: OSV:GHSA-RH5X-H6PP-CJJ6...

8.5CVSS7.2AI score0.003EPSS
Exploits1
Rows per page
Query Builder