3 matches found
CVE-2026-47684
CVE-2026-47684 — Sync-in Server SSRF bypass (IPv4-mapped IPv6 addresses) Affected product: Sync-in Server (file storage/sharing/collaboration). Vulnerability: The private IP blocklist regex (regExpPrivateIP) used in the URL download feature does not match IPv4-mapped IPv6 addresses (e.g., ::ffff:...
CVE-2026-45401 Open WebUI: SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the validateurl function in backend/openwebui/retrieval/web/utils.py only validates the initial URL submitted by the caller. The HTTP clients used downstream sync requests, async...
LMDeploy has Server-Side Request Forgery (SSRF) via Vision-Language Image Loading
Summary A Server-Side Request Forgery SSRF vulnerability exists in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, an...