PatchSiren cyber security CVE debrief
CVE-2026-45400 open-webui CVE debrief
A parsing discrepancy between Python's urlparse and the requests library in Open WebUI prior to version 0.9.5 enables Server-Side Request Forgery (SSRF) bypass. The vulnerability arises when URL validation logic using urlparse produces different results than the actual HTTP request handling performed by requests, allowing attackers to craft URLs that pass validation but trigger unintended outbound requests. This is classified as CWE-918 (Server-Side Request Forgery). The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N indicates network attack vector, low complexity, low privileges required, no user interaction, changed scope, high confidentiality impact, low integrity impact, and no availability impact. The vulnerability was published on 2026-05-15 and last modified on 2026-05-19. No known exploitation in ransomware campaigns has been reported, and the vulnerability is not listed in CISA KEV.
- Vendor: open-webui
- Product: Unknown
- CVSS: HIGH 8.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-15
- Original CVE updated: 2026-05-19
- Advisory published: 2026-05-15
- Advisory updated: 2026-05-19
Who should care
Organizations running self-hosted Open WebUI instances, particularly those with network access to sensitive internal resources. Security teams responsible for AI/ML platform security and infrastructure teams managing offline AI deployments should prioritize patching.
Technical summary
Open WebUI versions prior to 0.9.5 contain a Server-Side Request Forgery vulnerability caused by inconsistent URL parsing between Python's urlparse module and the requests library. This parsing difference allows crafted URLs to bypass validation checks and trigger unauthorized outbound HTTP requests. The vulnerability requires low privileges to exploit and can result in high confidentiality impact with scope change, potentially affecting resources beyond the vulnerable component itself. The fix in version 0.9.5 addresses the parsing inconsistency.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Open WebUI to version 0.9.5 or later to remediate the SSRF bypass vulnerability
- Review URL validation logic in custom Open WebUI deployments for similar urlparse/requests parsing discrepancies
- Implement defense-in-depth SSRF protections including URL allowlist enforcement and network egress controls
- Monitor application logs for anomalous outbound HTTP requests that may indicate exploitation attempts
- Validate that any URL parsing libraries used for security decisions are consistent with actual request handling libraries
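The technical summary and the last two recommended actions describe one root cause: the URL that passed validation is not necessarily the URL the HTTP client ends up parsing. The Python below is an added example of a defensive pattern for that problem; it is not Open WebUI's code or its 0.9.5 fix. It validates a user-supplied URL once, rebuilds a canonical form from the validated components, and requires the caller to pass only that canonical string to the HTTP client, so there is no second interpretation of the raw input. It also offers an optional cross-check against the client's own URL preparation. The `ALLOWED_HOSTS` and `ALLOWED_PORTS` values are constructed for the example; `requests.Request(...).prepare()` is a public requests API, and the cross-check simply reports `None` when requests is not installed.

```python
import ipaddress
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# Constructed allowlist for this example: the only hosts the application may
# fetch from. In a real deployment this comes from configuration.
ALLOWED_HOSTS = frozenset({"models.example.com", "api.example.org"})
ALLOWED_PORTS = frozenset({80, 443})


class UrlRejected(ValueError):
    """Raised when a user-supplied URL fails validation."""


def canonical_outbound_url(raw_url: str, allowed_hosts=ALLOWED_HOSTS) -> str:
    """Validate raw_url and return a rebuilt, canonical URL.

    The caller must hand only the returned string to the HTTP client, never
    raw_url itself: the bytes the client parses are then exactly the bytes
    that were validated, so a second parser cannot derive a different host.
    """
    # urlsplit silently strips whitespace and control characters; refuse
    # inputs where that stripping would change what is being validated.
    if any(c.isspace() or ord(c) < 0x20 for c in raw_url):
        raise UrlRejected("whitespace or control character in URL")
    if "\\" in raw_url:
        raise UrlRejected("backslash in URL")

    parts = urlsplit(raw_url)
    if parts.scheme not in ("http", "https"):
        raise UrlRejected(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise UrlRejected("userinfo not allowed in outbound URL")

    host = parts.hostname  # lower-cased; brackets removed for IPv6 literals
    if not host:
        raise UrlRejected("missing host")
    try:
        port = parts.port  # raises ValueError for a non-numeric port
    except ValueError as exc:
        raise UrlRejected("invalid port") from exc
    if port is not None and port not in ALLOWED_PORTS:
        raise UrlRejected(f"port not allowed: {port}")

    # Literal IP addresses: refuse anything not globally routable (loopback,
    # RFC 1918, link-local). Hostnames are resolved later by the client, so
    # the allowlist below is the primary control for them.
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None and not ip.is_global:
        raise UrlRejected(f"non-global address: {host}")
    if host not in allowed_hosts:
        raise UrlRejected(f"host not in allowlist: {host}")

    host_literal = f"[{host}]" if ip is not None and ip.version == 6 else host
    netloc = host_literal if port is None else f"{host_literal}:{port}"
    canonical = urlunsplit((parts.scheme, netloc, parts.path or "/", parts.query, ""))

    # Round-trip check: re-parsing our own output must give back the same
    # host, otherwise the canonical form is itself ambiguous.
    if urlsplit(canonical).hostname != host:
        raise UrlRejected("canonical URL does not round-trip")
    return canonical


def is_accepted(raw_url: str) -> bool:
    """Convenience wrapper: True if raw_url passes validation."""
    try:
        canonical_outbound_url(raw_url)
        return True
    except UrlRejected:
        return False


def same_host_as_http_client(canonical: str) -> Optional[bool]:
    """Cross-check with the client that will actually send the request.

    Uses requests' own URL preparation (requests.Request(...).prepare()) and
    compares the host it derived with the validated one. Returns None when
    requests is not installed, so the caller can decide to fail closed.
    """
    try:
        import requests
    except ImportError:
        return None
    prepared = requests.Request("GET", canonical).prepare()
    return urlsplit(prepared.url).hostname == urlsplit(canonical).hostname


if __name__ == "__main__":
    for candidate in ("https://models.example.com/v1/models?x=1",
                      "http://127.0.0.1/", "http://user@models.example.com/"):
        print(candidate, "->", "accepted" if is_accepted(candidate) else "rejected")
```

The design choice worth noting is that validation produces a new string rather than a yes/no verdict on the original: a boolean check leaves the raw input in play, and any later library that parses it differently undoes the check. Hostname allowlisting remains the primary control, since the literal-IP test cannot see what a hostname resolves to at request time.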
Evidence notes
CVE description confirms SSRF bypass via urlparse/requests parsing difference. NVD analysis confirms affected versions prior to 0.9.5 with fix in 0.9.5. GitHub Security Advisory tagged as both Exploit and Vendor Advisory. CVSS 8.5 HIGH severity with scope change indicating potential impact beyond vulnerable component.
Official resources
- CVE-2026-45400 CVE record (CVE.org)
- CVE-2026-45400 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] (Exploit, Vendor Advisory), 2026-05-15T21:16:38.003Z