CVE Catalog

CVE-2026-54008

HighCVSS 8.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

In Open WebUI prior to version 0.9.6, a vulnerability allows an attacker with a valid OAuth identity to submit a public URL that redirects to an internal address. This enables the attacker to read the internal response from their own profile_image_url field.

Risk Assessment

The organization may be exposed to the disclosure of sensitive internal data, potentially leading to serious security breaches.

Recommendation

It is recommended to upgrade to version 0.9.6 or later to mitigate this vulnerability.

Original NVD description (English source)

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/open_webui/utils/oauth.py::_process_picture_url calls validate_url(picture_url) on the initial URL only, then invokes aiohttp.ClientSession.get(picture_url, ...) without allow_redirects=False. aiohttp's default is allow_redirects=True, max_redirects=10; the function does not pass the project's AIOHTTP_CLIENT_ALLOW_REDIRECTS env constant either. An attacker with a valid OAuth IdP identity can therefore submit a public URL that 302-redirects to an internal address and read the internal response body via the attacker's own profile_image_url field. This vulnerability is fixed in 0.9.6.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS