2 matches found
Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects
Summary The SafePlaywrightURLLoader implements a validateurl function to prevent SSRF attacks by checking the IP address of the user-provided URL. However, this validation is performed only on the initial URL. Since Playwright automatically follows HTTP redirects 301/302 by default, an attacker c...
PT-2026-50590
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description The SafePlaywrightURLLoader uses a validate url function to prevent Server-Side Request Forgery SSRF by checking the IP address of a user-provided URL. However, this validation only occurs for the...