CVE-2026-56399
Open WebUI - Server-Side Request Forgery via Location Redirect in /api/v1/retrieval/process/web
| CVSS Score | 5.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentially execute commands via instance secrets.
| CWE | CWE-918 |
| Vendor | open-webui |
| Product | open-webui |
| Published | Jun 30, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | Low |
| Integrity | None |
| Availability | None |
Affected Versions
open-webui / open-webui
0 < 0.6.27
References
github.com: https://github.com/open-webui/open-webui/security/advisories/GHSA-82r6-c5jm-f3mw
github.com: https://github.com/open-webui/open-webui/commit/02238d3113e966c353fce18f1b65117380896774
vulncheck.com: https://www.vulncheck.com/advisories/open-webui-server-side-request-forgery-via-location-redirect-in-api-v1-retrieval-process-web
Credits
Mosstrow