CVE-2026-54018
A flaw in Open WebUI allows an SSRF attack via redirects to internal addresses.
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the SafePlaywrightURLLoader implements a validate_url function to prevent SSRF attacks by checking the IP address of the user-provided URL. However, this validation is performed only on the initial URL. Since Playwright automatically follows HTTP redirects (301/302) by default, an attacker can bypass the validation by providing a safe URL that redirects to a restricted internal network address (e.g., localhost, Docker container network, or Cloud Metadata). This allows the application to access internal services despite ENABLE_RAG_LOCAL_WEB_FETCH being set to False. This vulnerability is fixed in 0.9.6.
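The defensive pattern that closes the gap described above, as an added example that is not Open WebUI's own code: redirects are followed by hand and every hop, not just the initial URL, is resolved and checked against a private-range blocklist. The names `resolve_all`, `url_is_allowed` and `fetch_with_checked_redirects` are hypothetical, and the DNS table and HTTP responses at the bottom are constructed fixtures so the block runs offline.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlparse

# Ranges a self-hosted service should never fetch from: loopback, RFC 1918,
# link-local (cloud metadata lives here), IPv6 equivalents. Extend per deployment.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "0.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10")]

def resolve_all(host):
    """All addresses a hostname maps to (IP literals pass through unchanged)."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []

def url_is_allowed(url, resolver=resolve_all):
    """True only if the scheme is http(s) and every resolved address is public."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return False
    try:
        addrs = [ipaddress.ip_address(a) for a in resolver(parsed.hostname)]
    except ValueError:          # unparsable address: fail closed
        return False
    return bool(addrs) and not any(a in n for a in addrs for n in BLOCKED_NETWORKS)

def fetch_with_checked_redirects(url, fetch, resolver=resolve_all, max_hops=5):
    """Follow redirects manually so each hop is validated; fetch(url) -> (status, headers, body)."""
    current = url
    for _ in range(max_hops + 1):
        if not url_is_allowed(current, resolver):
            raise ValueError(f"blocked destination: {current}")
        status, headers, body = fetch(current)
        location = {k.lower(): v for k, v in headers.items()}.get("location")
        if status in (301, 302, 303, 307, 308) and location:
            current = urljoin(current, location)   # Location may be relative
            continue
        return current, status, body
    raise ValueError("too many redirects")

# Constructed offline fixtures: fake DNS table and a fake server whose /redir bounces to loopback.
FAKE_DNS = {"public.example": ["203.0.113.10"], "localhost": ["127.0.0.1"]}
def fake_resolver(host):
    return FAKE_DNS.get(host, [])
def fake_fetch(url):
    if urlparse(url).path == "/redir":
        return 302, {"Location": "http://localhost/"}, b""
    return 200, {}, b"page body"
```

Wiring the real Playwright loader the same way means disabling its automatic redirect following and letting this loop decide each hop.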
| Source | Value |
|---|---|
| NVD – CVSS | 7.7 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 0.3% |
| Published (NVD) | 2026-06-23 18:18:07 UTC |
| Last modified (NVD) | 2026-06-25 14:30:18 UTC |
- https://github.com/open-webui/open-webui/security/advisories/GHSA-jrfp-m64g-pcwv (security-advisories@github.com) [Exploit, Vendor Advisory, Mitigation]