PatchSiren cyber security CVE debrief
CVE-2026-54018 open-webui CVE debrief
CVE-2026-54018 is a Server-Side Request Forgery (SSRF) vulnerability in Open WebUI, a self-hosted artificial intelligence platform. The vulnerability arises from the platform's failure to validate URLs after HTTP redirects, allowing attackers to access internal services despite protective configurations. This issue was fixed in version 0.9.6. The vulnerability has a CVSS score of 7.7 and is considered high severity. The CVE was published on June 23, 2026, and modified on June 25, 2026.
- Vendor: open-webui
- Product: Unknown
- CVSS: HIGH 7.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-23
- Original CVE updated: 2026-06-25
- Advisory published: 2026-06-23
- Advisory updated: 2026-06-25
Who should care
Security teams and administrators of Open WebUI installations should be aware of this vulnerability. The vulnerability allows attackers to bypass security configurations and access internal services, making it a significant concern for organizations using Open WebUI. Immediate action is recommended to upgrade to version 0.9.6 or apply compensating controls.
Technical summary
The Open WebUI platform, prior to version 0.9.6, implements a validate_url function in the SafePlaywrightURLLoader to prevent SSRF attacks. However, this validation only occurs for the initial URL and not for subsequent HTTP redirects. An attacker can exploit this by providing a safe URL that redirects to a restricted internal network address, such as localhost or a Docker container network. This allows the application to access internal services even when ENABLE_RAG_LOCAL_WEB_FETCH is set to False. The vulnerability is fixed in version 0.9.6.
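As an added illustration (not Open WebUI's own code), the Python below contrasts the redirect-blind pattern the summary describes with a loader that re-validates every hop. The resolver, the fetch function and the host names are constructed so it runs offline, and the allow_local flag stands in for a deployment setting like ENABLE_RAG_LOCAL_WEB_FETCH.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlparse
REDIRECTS = (301, 302, 303, 307, 308)
# Ranges a self-hosted deployment should not fetch from unless local fetch is enabled.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7")]
def host_is_internal(hostname, resolver=socket.gethostbyname):
    """True if hostname is, or resolves to, a loopback/private/link-local address."""
    try:
        addr = ipaddress.ip_address(hostname)            # literal IP
    except ValueError:
        addr = ipaddress.ip_address(resolver(hostname))  # one resolved address
    return any(addr in net for net in BLOCKED_NETS)

def validate_url(url, allow_local=False, resolver=socket.gethostbyname):
    """Reject non-http(s) URLs and, unless allow_local, internal targets."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unsupported URL: {url}")
    if not allow_local and host_is_internal(parts.hostname, resolver):
        raise ValueError(f"internal target blocked: {url}")
    return url

def naive_fetch(url, fetch, resolver=socket.gethostbyname):
    """Flawed pattern: validate the first URL only, then follow redirects blindly."""
    validate_url(url, resolver=resolver)
    status, headers, body = fetch(url)
    while status in REDIRECTS:
        url = urljoin(url, headers["Location"])
        status, headers, body = fetch(url)
    return url, body

def checked_fetch(url, fetch, allow_local=False, resolver=socket.gethostbyname, max_hops=5):
    """Hardened pattern: follow redirects by hand and validate every hop."""
    for _ in range(max_hops + 1):
        validate_url(url, allow_local, resolver)
        status, headers, body = fetch(url)   # fetch must not auto-follow redirects
        if status not in REDIRECTS:
            return url, body
        url = urljoin(url, headers["Location"])
    raise ValueError("too many redirects")
# Constructed offline scenario: a public-looking host that 302-redirects to localhost.
fake_resolver = {"docs.example.test": "203.0.113.10"}.__getitem__  # constructed DNS
def fake_fetch(url):
    if url.startswith("http://docs.example.test/"):
        return 302, {"Location": "http://127.0.0.1:8080/admin"}, b""
    return 200, {}, b"internal admin page"
```

Checking a single resolved address per hop is a simplification; a production loader should check every address the name resolves to and connect to the address it checked, since DNS rebinding between check and connect otherwise reopens the gap.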
Defensive priority
High priority should be given to upgrading Open WebUI to version 0.9.6. In the interim, defenders should review their current configurations and consider applying compensating controls to mitigate the risk of SSRF attacks.
Recommended defensive actions
- Upgrade Open WebUI to version 0.9.6 or later.
- Review and restrict access to internal services.
- Implement additional monitoring for suspicious URL requests.
- Consider applying network-level protections to restrict access to sensitive services.
- Verify ENABLE_RAG_LOCAL_WEB_FETCH is set to False and review its impact on your configuration.
Evidence notes
The CVE-2026-54018 vulnerability was identified in Open WebUI, a self-hosted AI platform. The issue arises from inadequate URL validation during HTTP redirects, allowing potential SSRF attacks. The CVE has a CVSS score of 7.7, indicating high severity. The vulnerability was publicly disclosed on June 23, 2026, and the CVE record was last modified on June 25, 2026. The fix for this vulnerability is included in version 0.9.6 of Open WebUI.
Official resources
- CVE-2026-54018 CVE record (CVE.org)
- CVE-2026-54018 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] (Exploit, Vendor Advisory, Mitigation)
This article is AI-assisted and based on the supplied source corpus.