PatchSiren cyber security CVE debrief

CVE-2026-45347 open-webui CVE debrief

CVE-2026-45347 is a blind server-side request forgery (SSRF) vulnerability in Open WebUI’s PDF generate/export flow. The flaw was publicly disclosed on 2026-05-15 and fixed in Open WebUI 0.5.11. The available evidence indicates that an image tag in user input can make the server issue an outbound request, while scripts and some other tags were blocked; this limits the impact to blind SSRF (the server sends the request but the response content is not returned to the user) rather than content readout.

Vendor: open-webui
Product: Unknown
CVSS: MEDIUM 4.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-15
Original CVE updated: 2026-05-18
Advisory published: 2026-05-15
Advisory updated: 2026-05-18

Who should care

Organizations self-hosting Open WebUI, especially those using the PDF export/generate feature with untrusted or semi-trusted user input. Security and platform teams should also care if the application server can reach internal services or external networks from the outbound path used during PDF generation.

Technical summary

According to the advisory and NVD record, user input in the PDF export path is interpreted as HTML and embedded into the generated PDF. Although scripts, iframe, object, and similar tags were blocked, an img tag could still force server-side outbound requests, creating a blind SSRF condition. NVD lists the weakness as CWE-918 and a CVSS v3.1 vector of AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (4.3).
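The following is an added example, not Open WebUI's code and not the project's actual fix. It shows the defensive shape the summary implies for an HTML-to-PDF export path: block active elements, then go one step further and refuse any image (or other fetching attribute) whose source would make the renderer reach out to a host that is not explicitly allowlisted, keeping only inline data: images. The tag and attribute lists, the hostname allowlist and the sample export are assumptions constructed for the example.

```python
# Added example (not Open WebUI's code): a sanitizer for an HTML-to-PDF export
# path, modelled on the weakness the advisory describes. Tag and attribute
# lists below are assumptions, not taken from the project.
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

# Elements the renderer must never see (active content or remote loaders).
BLOCKED_TAGS = {"script", "iframe", "object", "embed", "link", "meta",
                "base", "style", "svg", "form"}
# Attributes that make the renderer fetch a resource while building the PDF.
FETCH_ATTRS = {"img": {"src", "srcset"}, "source": {"src", "srcset"},
               "video": {"src", "poster"}, "audio": {"src"},
               "input": {"src"}, "track": {"src"}}
# Void elements have no closing tag, so they never open a skipped region.
VOID_TAGS = {"img", "br", "hr", "input", "source", "track", "link", "meta", "base"}


class ExportSanitizer(HTMLParser):
    """Rewrite untrusted HTML so the renderer can only load inline images
    or images from an explicit host allowlist."""

    def __init__(self, allowed_hosts=()):
        super().__init__(convert_charrefs=False)
        self.allowed_hosts = {h.lower() for h in allowed_hosts}
        self.out = []
        self.dropped = []      # audit trail: (what, why)
        self._skip_depth = 0   # >0 while inside a blocked element

    def _url_allowed(self, value):
        value = value.strip()
        u = urlparse(value)
        if u.scheme == "data":
            return value.lower().startswith("data:image/")
        if u.scheme in ("http", "https") and u.hostname:
            return u.hostname.lower() in self.allowed_hosts
        return False   # file:, ftp:, schemeless, etc. are never fetched

    def handle_starttag(self, tag, attrs):
        if self._skip_depth:
            if tag in BLOCKED_TAGS and tag not in VOID_TAGS:
                self._skip_depth += 1
            return
        if tag in BLOCKED_TAGS:
            self.dropped.append((tag, "blocked element"))
            if tag not in VOID_TAGS:
                self._skip_depth = 1
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):
                self.dropped.append((f"{tag}@{name}", "event handler"))
                continue
            if name == "style" and "url(" in value.lower():
                self.dropped.append((f"{tag}@style", "css url()"))
                continue
            if name in FETCH_ATTRS.get(tag, ()):
                if name == "srcset":   # several candidates; all must pass
                    ok = all(self._url_allowed(c.split()[0])
                             for c in value.split(",") if c.strip())
                else:
                    ok = self._url_allowed(value)
                if not ok:
                    self.dropped.append((f"{tag}@{name}", "remote fetch"))
                    if tag == "img":
                        return   # an <img> with no permitted source goes entirely
                    continue
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if self._skip_depth:
            if tag in BLOCKED_TAGS and tag not in VOID_TAGS:
                self._skip_depth -= 1
            return
        if tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip_depth:
            self.out.append(html.escape(data, quote=False))

    def handle_entityref(self, name):
        if not self._skip_depth:
            self.out.append(f"&{name};")

    def handle_charref(self, name):
        if not self._skip_depth:
            self.out.append(f"&#{name};")

    # Comments, doctype and processing instructions are dropped silently.
    def handle_comment(self, data): pass
    def handle_decl(self, decl): pass
    def handle_pi(self, data): pass


def sanitize_export_html(untrusted_html, allowed_hosts=()):
    """Return (clean_html, dropped) for use right before the PDF renderer."""
    p = ExportSanitizer(allowed_hosts)
    p.feed(untrusted_html)
    p.close()
    return "".join(p.out), p.dropped


# Constructed sample input: a chat export carrying the kinds of content the
# advisory talks about. Hostnames are placeholders.
SAMPLE_EXPORT = (
    "<h1>Chat export</h1>"
    '<p onclick="x()">Hello &amp; welcome</p>'
    "<script>alert(1)</script>"
    '<img src="http://internal-db.corp.example/status" alt="probe">'
    '<img src="data:image/png;base64,iVBORw0KGgo=" alt="inline">'
    '<img src="https://cdn.example.org/logo.png">'
    '<div style="background:url(http://attacker.example/x.png)">text</div>'
)

if __name__ == "__main__":
    clean, dropped = sanitize_export_html(SAMPLE_EXPORT, allowed_hosts=["cdn.example.org"])
    print(clean)
    for what, why in dropped:
        print(f"dropped {what}: {why}")
```

The allowlist is deliberately a set of hostnames rather than a denylist of private ranges: a denylist has to reason about DNS rebinding, redirects and every alternative address encoding, whereas an allowlist only has to name the few hosts the renderer legitimately needs. The `dropped` audit trail is worth logging, since a burst of removed `img@src` entries from one user is itself a useful detection signal.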

Defensive priority

Medium. The issue requires some level of authenticated access (the CVSS vector carries PR:L), but SSRF in a server-side export pipeline can still be useful for network probing or unintended outbound access, especially in environments where the application host has sensitive internal connectivity.

Recommended defensive actions

  • Upgrade Open WebUI to version 0.5.11 or later.
  • Review whether the PDF export/generate feature accepts untrusted content and restrict it where possible.
  • Apply outbound network egress controls from the Open WebUI host or container to reduce SSRF reach.
  • Monitor application and proxy logs for unexpected outbound requests during PDF generation.
  • Reassess any internal-only services that are reachable from the Open WebUI runtime network path.

Evidence notes

This debrief is based on the NVD record for CVE-2026-45347, which references the GitHub Security Advisory GHSA-f776-fp4w-266c and classifies the issue as CWE-918. The source description states the vulnerability affects Open WebUI prior to 0.5.11 and that scripts and some dangerous tags are blocked while an img tag can still force a server-side request. The source item contains no CPE criteria, and the vendor field is unresolved in the provided metadata.

Official resources

Publicly disclosed through the GitHub Security Advisory GHSA-f776-fp4w-266c and reflected in NVD on 2026-05-15. The issue is reported as fixed in Open WebUI 0.5.11.