CVE-2026-56399
MediumCVSS 5.0Exploitation Probability (EPSS)
Low risk24th percentile — higher than 24% of all known CVEs
Summary
An SSRF vulnerability in Open WebUI before version 0.6.27 in the /api/v1/retrieval/process/web endpoint allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentially execute commands via instance secrets.
Risk Assessment
The risk includes unauthorized access to internal services and the ability to execute commands, which could lead to system compromise and sensitive data leakage.
Recommendation
It is recommended to immediately upgrade Open WebUI to version 0.6.27 or later, which fixes this vulnerability. Additionally, restrict access to the /api/v1/retrieval/process/web endpoint to trusted users only.
Original NVD description (English source)
Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentially execute commands via instance secrets.

