Open WebUI Server-Side Request Forgery Bypass Vulnerability

Vulnerability

A server-side request forgery (SSRF) bypass vulnerability has been identified in Open WebUI versions prior to 0.9.5. The URL check ('validate_url') determines the target host with Python's urllib.parse.urlparse, while the outbound request is made with the requests library, whose URL parser (urllib3) splits the authority component differently. A URL that the two parsers disagree on is judged by the validator as pointing at a public host but is actually fetched from an internal one, so the check can be bypassed to reach internal resources.

Impact

Exploitation of this vulnerability allows server-side request forgery: an attacker who can supply a URL to the affected feature can make the Open WebUI server issue requests on their behalf to internal services or resources that the host validation was meant to block, such as services bound to the loopback interface.

Reproduction

The vulnerability can be reproduced by sending a request with a URL that includes a backslash followed by an '@' symbol, such as 'http://127.0.0.1:6666\@1.1.1.1'. urlparse places everything up to the first '/', '?' or '#' into the netloc, so the backslash is treated as an ordinary character, and it takes the hostname from whatever follows the last '@'; 'validate_url' therefore sees 1.1.1.1, a public IP address, and accepts the URL. requests (via urllib3) ends the authority at the first backslash instead, so the connection it opens goes to 127.0.0.1:6666, and the internal service is reached.
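The parser disagreement described above, shown side by side with the flawed validator pattern and a hardened one. This is an added example, not code from Open WebUI; the names 'validate_url_vulnerable', 'validate_url_hardened' and the regex that re-implements urllib3's authority split are assumptions made so the script runs with the standard library alone (the regex is assumed to match the authority group of urllib3's _URI_RE).

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed payload from the advisory: a backslash immediately before '@'.
PAYLOAD = "http://127.0.0.1:6666\\@1.1.1.1"

# urllib3 (used by requests) ends the authority at the first '\', '/', '?' or
# '#'. Local re-implementation of that split so the example needs no urllib3
# install (assumption: matches the authority group of urllib3's _URI_RE).
_SCHEME_AUTHORITY_RE = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.-]*://([^\\/?#]*)")


def hostname_as_urlparse_sees_it(url):
    """Host that a urlparse-based validator checks.

    urlparse keeps everything up to the first '/', '?' or '#' as the netloc,
    so the backslash is just another netloc character, and .hostname is what
    follows the LAST '@' in that netloc.
    """
    return urlparse(url).hostname


def host_as_urllib3_sees_it(url):
    """Host that requests/urllib3 would actually open a connection to."""
    m = _SCHEME_AUTHORITY_RE.match(url)
    if not m:
        return None
    authority = m.group(1)
    if "@" in authority:                      # drop userinfo
        authority = authority.rsplit("@", 1)[1]
    if authority.startswith("["):             # bracketed IPv6 literal
        return authority[1:authority.index("]")].lower()
    return authority.split(":", 1)[0].lower() or None


def is_internal(host):
    """True for loopback, RFC 1918, link-local and reserved IP literals.

    Hostnames are out of scope for this toy; a real check must resolve them
    and apply the same test to every resulting address.
    """
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_reserved


def validate_url_vulnerable(url):
    """Flawed pattern: judge urlparse().hostname, then fetch with requests."""
    host = hostname_as_urlparse_sees_it(url)
    return host is not None and not is_internal(host)


def validate_url_hardened(url):
    """Reject anything the two parsers could disagree on, then judge the host."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False
    # No userinfo, backslashes or whitespace in the authority: these are the
    # characters that different URL parsers split differently.
    if re.search(r"[\\@\s]", parsed.netloc):
        return False
    host = parsed.hostname
    if not host:
        return False
    # The host the client would connect to must be the one being judged.
    if host_as_urllib3_sees_it(url) != host:
        return False
    return not is_internal(host)


if __name__ == "__main__":
    print("urlparse hostname :", hostname_as_urlparse_sees_it(PAYLOAD))  # 1.1.1.1
    print("urllib3 host      :", host_as_urllib3_sees_it(PAYLOAD))       # 127.0.0.1
    print("vulnerable passes :", validate_url_vulnerable(PAYLOAD))       # True
    print("hardened passes   :", validate_url_hardened(PAYLOAD))         # False
```

The hardened version does two independent things: it refuses the characters on which URL parsers are known to disagree, and it cross-checks the validated host against the host the client would connect to. Either alone closes this particular bypass; the pair keeps the check honest when one of the parsers changes.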

Remediation

Users are advised to update to Open WebUI version 0.9.5 or later, where this vulnerability has been patched. As a general matter for anyone maintaining a similar check: derive the host from the same parser the HTTP client uses (or reject URLs whose authority contains '\' or '@'), apply the check to resolved addresses rather than only to the literal in the URL, and restrict network egress from the host so that a future bypass has less to reach.

Added: May 15, 2026, 9:23 PM
Updated: May 15, 2026, 9:23 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.4
exploitability: 4.0
remediation: 7.7
relevance: 8.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.