CVE-2026-45400

EUVD-2026-30636
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, a parsing difference between the urlparse and requests libraries led to an SSRF bypass vulnerability. This vulnerability is fixed in 0.9.5.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.5 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
openwebuiopen_webui
𝑥
< 0.9.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/open-webui/open-webui/security/advisories/GHSA-8w7q-q5jp-jvgx
https://github.com/open-webui/open-webui/security/advisories/GHSA-8w7q-q5jp-jvgx