PatchSiren cyber security CVE debrief
CVE-2026-45338 Openwebui CVE debrief
CVE-2026-45338 is a high-severity Server-Side Request Forgery (SSRF) vulnerability in Open WebUI affecting all versions before 0.9.0. According to the vendor advisory and the NVD record, the flaw is in _process_picture_url() in backend/open_webui/utils/oauth.py, which fetches URLs taken from OAuth picture claims without passing them through validate_url(). An attacker who can influence the picture claim can therefore make the server request arbitrary internal or otherwise protected HTTP endpoints and obtain the full response body.
- Vendor: Openwebui
- Product: Open Webui
- CVSS: HIGH 7.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-15
- Original CVE updated: 2026-05-18
- Advisory published: 2026-05-15
- Advisory updated: 2026-05-18
Who should care
Administrators and operators running self-hosted Open WebUI instances, especially those using OAuth-based login flows that process profile picture URLs. Security teams should also care if the deployment can reach internal services, metadata endpoints, or other sensitive network locations from the application host.
Technical summary
The vulnerability is an SSRF in the OAuth picture URL processing path. NVD records CVSS 3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N with a 7.7 HIGH score and CWE-918. The PR:L and S:C components mean a low-privileged attacker can affect resources beyond the vulnerable component itself, which is what an SSRF that reaches other hosts from the application server does. The issue is described as fetching arbitrary URLs from OAuth picture claims without validate_url(), which permits server-originated HTTP requests to internal resources and exposure of the response body. The affected version range is all versions before 0.9.0, and the issue is fixed in 0.9.0.
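The following is an added example, not Open WebUI's code, of the kind of check the advisory says was missing: the unsafe pattern (fetch whatever the picture claim says) next to a hardened handler that validates the URL and every redirect hop before the server connects. validate_url(), fetch_picture(), is_safe_url() and the resolver/fetcher hooks are hypothetical names chosen here; the project's real validate_url() is not reproduced, and the DNS table and HTTP responses are constructed so the code runs offline.

```python
"""Added example (not Open WebUI's code): SSRF guard for OAuth picture URLs.
validate_url(), fetch_picture() and the resolver/fetcher hooks are
hypothetical; the project's real validate_url() is not reproduced here."""
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_REDIRECTS = 3


class UnsafeURL(ValueError):
    """Raised when a picture URL must not be fetched server-side."""


def _is_blocked(ip):
    # Unwrap IPv4-mapped IPv6 so ::ffff:10.0.0.1 is judged as 10.0.0.1.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # Reject anything not globally routable (RFC 1918, loopback, link-local
    # including 169.254.169.254, CGNAT, reserved) plus multicast, which the
    # ipaddress module does not classify as non-global on every version.
    return (not ip.is_global) or ip.is_multicast


def default_resolver(host):
    """Resolve a hostname to all of its addresses (needs network access)."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def validate_url(url, resolver=default_resolver):
    """Return url if it is safe to fetch from the server, else raise UnsafeURL."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise UnsafeURL("credentials embedded in URL")
    host = parts.hostname
    if not host:
        raise UnsafeURL("missing host")
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IP in the URL
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError) as exc:
            raise UnsafeURL(f"cannot resolve {host}: {exc}") from exc
    if not addrs:
        raise UnsafeURL(f"{host} resolved to no addresses")
    # Every resolved address must pass: one internal record on an
    # attacker-controlled name is enough to reach the internal side.
    for ip in addrs:
        if _is_blocked(ip):
            raise UnsafeURL(f"{host} resolves to non-public address {ip}")
    return url


def is_safe_url(url, resolver=default_resolver):
    try:
        validate_url(url, resolver)
        return True
    except UnsafeURL:
        return False


def process_picture_url_unsafe(url, fetcher):
    """The pattern the advisory describes: fetch whatever the claim says."""
    return fetcher(url)[2]


def fetch_picture(url, fetcher, resolver=default_resolver):
    """Hardened handler: validate the URL and every redirect hop.
    fetcher(url) returns (status, headers, body) and must NOT follow
    redirects itself, or the per-hop check below is bypassed."""
    current = url
    for _ in range(MAX_REDIRECTS + 1):
        validate_url(current, resolver)
        status, headers, body = fetcher(current)
        location = {k.lower(): v for k, v in headers.items()}.get("location")
        if status in (301, 302, 303, 307, 308) and location:
            current = urljoin(current, location)  # re-validated next loop
            continue
        if status != 200:
            raise UnsafeURL(f"unexpected status {status} from {current}")
        return body
    raise UnsafeURL("too many redirects")


# Constructed offline stand-ins: a fake DNS table and a fake HTTP fetcher.
FAKE_DNS = {"cdn.example": ["93.184.216.34"],
            "evil.example": ["93.184.216.34", "10.0.3.7"]}
FAKE_HTTP = {
    "https://cdn.example/ok.png": (200, {}, b"\x89PNG\r\n\x1a\n"),
    "https://cdn.example/bounce.png":
        (302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""),
    "http://169.254.169.254/latest/meta-data/": (200, {}, b"iam/\nhostname\n"),
}


def fake_resolver(host):
    return FAKE_DNS.get(host, [])


def fake_fetcher(url):
    return FAKE_HTTP.get(url, (404, {}, b""))


if __name__ == "__main__":
    print(process_picture_url_unsafe("http://169.254.169.254/latest/meta-data/", fake_fetcher))
    print(fetch_picture("https://cdn.example/ok.png", fake_fetcher, fake_resolver))
    print(is_safe_url("https://evil.example/p.png", fake_resolver))
```

The redirect handling is the part most often forgotten: a URL that validates cleanly can 302 to the metadata service, so the HTTP client must be told not to follow redirects on its own and each Location target must go through the same check. Checking all resolved addresses, not just the first, closes the case of an attacker-controlled name with mixed public and internal records.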
Defensive priority
High. This is network-reachable, requires no user interaction, and can expose sensitive internal data reachable from the Open WebUI server environment. Prioritize upgrading to 0.9.0, and until that is done establish which internal targets (metadata endpoints, internal APIs, databases) the application host can actually reach, since that determines the real impact.
Recommended defensive actions
- Upgrade Open WebUI to version 0.9.0 or later.
- Review OAuth configurations and any features that ingest profile picture URLs or similar external URL claims.
- Restrict outbound network access from the Open WebUI host to only required destinations, especially internal subnets and metadata services.
- Monitor application and proxy logs for unexpected outbound requests originating from Open WebUI.
- If patching is delayed, reduce exposure by disabling or limiting the relevant OAuth picture URL handling path where operationally feasible.
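As an added example for the monitoring step above (not Open WebUI's or Squid's code), here is a small scanner that reads forward-proxy access logs and flags requests from the Open WebUI host whose URL host or actual connected destination is a non-public address. The log lines are constructed in Squid native access.log layout, and the 10.20.0.5 address for the Open WebUI host is an assumption. Keying on the destination the proxy really connected to (the hierarchy field) also catches attacker-controlled DNS names that resolve into internal space, which the URL alone would not reveal.

```python
"""Added example (not Open WebUI's or Squid's code): flag server-side requests
from the Open WebUI host to internal or metadata addresses in proxy logs.
Sample lines are constructed in Squid native access.log layout."""
import ipaddress
from urllib.parse import urlsplit

OPENWEBUI_CLIENTS = {"10.20.0.5"}  # hypothetical source address of the app host

# Constructed sample log. Field order: time elapsed client action/code bytes
# method url ident hierarchy/destination content-type.
SAMPLE_LOG = """\
1779000000.101    88 10.20.0.5 TCP_TUNNEL/200 41233 CONNECT lh3.googleusercontent.com:443 - HIER_DIRECT/142.250.74.1 -
1779000000.233    12 10.20.0.5 TCP_MISS/200 512 GET http://169.254.169.254/latest/meta-data/iam/ - HIER_DIRECT/169.254.169.254 text/plain
1779000000.240     9 10.20.0.5 TCP_MISS/200 2048 GET http://avatars.attacker.example/p.png - HIER_DIRECT/10.0.3.7 text/html
1779000000.300    40 10.20.0.9 TCP_MISS/200 300 GET http://10.0.3.7/health - HIER_DIRECT/10.0.3.7 text/plain
1779000000.310     3 10.20.0.5 TCP_DENIED/403 0 GET http://127.0.0.1:8080/admin - HIER_NONE/- text/html
"""


def _non_public(addr):
    """True for addresses the application host should never be fetching from."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # hostname or '-' placeholder, not an address literal
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (not ip.is_global) or ip.is_multicast


def parse_line(line):
    """Split one Squid native log line into the fields the scanner needs."""
    f = line.split()
    if len(f) < 9:
        return None
    url = f[6]
    # CONNECT entries carry host:port with no scheme; prefix // so urlsplit
    # treats it as the network location rather than the path.
    parts = urlsplit(url if "://" in url else "//" + url)
    return {
        "client": f[2], "status": f[3], "method": f[5], "url": url,
        "url_host": parts.hostname or "",
        "dest": f[8].split("/", 1)[1] if "/" in f[8] else "-",
    }


def find_ssrf_candidates(log_text, clients=OPENWEBUI_CLIENTS):
    """Return entries from the given client addresses whose URL host or
    connected destination is non-public, with the reasons attached."""
    hits = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if not e or e["client"] not in clients:
            continue
        reasons = []
        if _non_public(e["url_host"]):
            reasons.append("url host is non-public")
        if _non_public(e["dest"]):
            reasons.append(f"connected to non-public {e['dest']}")
        if reasons:
            e["reasons"] = reasons
            hits.append(e)
    return hits


if __name__ == "__main__":
    for hit in find_ssrf_candidates(SAMPLE_LOG):
        print(hit["status"], hit["method"], hit["url"], "|", "; ".join(hit["reasons"]))
```

In the sample, the CONNECT to a public avatar host passes, the metadata request is flagged on both the URL and the destination, the attacker-controlled name that resolved to 10.0.3.7 is flagged only because the proxy recorded where it actually connected, and the denied loopback request still surfaces as an attempt. Requests from other hosts (10.20.0.9) are filtered out by the client set; widen that set or drop the filter to audit the whole fleet.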
Evidence notes
The CVE record was published on 2026-05-15 and modified on 2026-05-18. The NVD record lists the vulnerability as analyzed, maps it to CWE-918, and shows the affected CPE range as open_webui versions before 0.9.0. The GitHub Security Advisory linked in NVD is the vendor reference used for mitigation context. The issue description supplied in the CVE data states that _process_picture_url() fetches arbitrary URLs from OAuth picture claims without validate_url(), enabling SSRF and response exfiltration.
Official resources
- CVE-2026-45338 CVE record (CVE.org)
- CVE-2026-45338 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] (tagged Exploit, Mitigation, Vendor Advisory)
Publicly disclosed in the official CVE and NVD records on 2026-05-15, with the record updated on 2026-05-18. No KEV listing was provided in the supplied data.