These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-45350 is a high-severity authorization flaw in Open WebUI’s chat completion API. Prior to 0.8.6, user-controlled tool selection parameters could be used to reach tools the caller was not permitted to use, creating a tool restriction bypass that may enable unauthorized actions through server-side credentials. The vendor-fixed version is 0.8.6.
CVE-2026-45346 is a medium-severity cross-site scripting issue in Open WebUI’s SVG renderer implementation. According to the vendor-linked advisory and NVD record, the vulnerability affects versions prior to 0.6.31 and is fixed in 0.6.31. The NVD entry classifies the weakness as CWE-80 and shows a CVSS 4.0 vector indicating network exposure with low attack complexity, but requiring low privileges and user [truncated]
CVE-2026-45338 is a high-severity Server-Side Request Forgery (SSRF) issue in Open WebUI affecting versions before 0.9.0. According to the vendor advisory and NVD record, the flaw is in _process_picture_url() in backend/open_webui/utils/oauth.py, where URLs from OAuth picture claims are fetched without validate_url() being applied. That can let an attacker make the server request arbitrary internal or oth [truncated]
CVE-2026-45401 is a high-severity server-side request forgery issue in Open WebUI before 0.9.5. The URL validation logic checks only the original user-supplied URL, while downstream HTTP clients follow redirects by default without re-checking the final destination. That allows an authenticated user to point the application at a public URL that redirects to an internal or metadata IP and retrieve the inter [truncated]