CVE Catalog

CVE-2026-54018

HighCVSS 7.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile — higher than 21% of all known CVEs

Summary

Open WebUI is an artificial intelligence platform that prior to version 0.9.6 had a vulnerability in the validate_url function in SafePlaywrightURLLoader, allowing SSRF attacks. The URL validation was only performed on the initial URL, enabling attackers to bypass protections using HTTP redirects.

Risk Assessment

The organization may be exposed to unauthorized access to internal services, potentially leading to data leaks or system compromises. An attacker could exploit this vulnerability to direct traffic to restricted network addresses.

Recommendation

It is recommended to update Open WebUI to version 0.9.6 or later to eliminate this vulnerability. Additionally, conducting a security audit to identify potential risks associated with URL redirections is advisable.

Original NVD description (English source)

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the SafePlaywrightURLLoader implements a validate_url function to prevent SSRF attacks by checking the IP address of the user-provided URL. However, this validation is performed only on the initial URL. Since Playwright automatically follows HTTP redirects (301/302) by default, an attacker can bypass the validation by providing a safe URL that redirects to a restricted internal network address (e.g., localhost, Docker container network, or Cloud Metadata). This allows the application to access internal services despite ENABLE_RAG_LOCAL_WEB_FETCH being set to False This vulnerability is fixed in 0.9.6.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS