Server-Side Request Forgery (SSRF) in Open WebUI - #VU130946

 


Published: May 11, 2026


Vulnerability identifier: #VU130946
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-918
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Open WebUI
Software vendor:
Open WebUI

Description

The vulnerability allows a remote user to trigger arbitrary server-side GET requests.

The vulnerability exists due to server-side request forgery in the PDF generate function when processing user-supplied HTML during PDF export. A remote user can inject a crafted image tag to trigger arbitrary server-side GET requests.

The issue is blind, so responses could not be read during testing, but internal assets may be enumerated through response delays.
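One way to enforce this at the renderer's fetch step, as an added example that is not Open WebUI's code or the vendor's fix: every `<img src>` in the HTML submitted for export is resolved and rejected unless all of its addresses are public. The function names, the injectable `resolver` parameter and the sample hosts are assumptions made for illustration.

```python
import ipaddress
import socket
from html.parser import HTMLParser
from urllib.parse import urlsplit

def os_resolver(host, port):  # OS view of the name, as a real connection would see it
    return {ai[4][0] for ai in socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)}

def check_fetch_url(url, resolver=os_resolver):
    """Return (allowed, reason) for a URL the PDF renderer is about to GET."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, "only absolute http(s) URLs are fetched"
    try:
        addrs = resolver(parts.hostname, port)
    except OSError:
        return False, "host does not resolve"
    for addr in addrs:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
        ip = getattr(ip, "ipv4_mapped", None) or ip     # unwrap ::ffff:a.b.c.d
        if not ip.is_global:
            return False, f"{parts.hostname} resolves to non-public {ip}"
    return (True, "ok") if addrs else (False, "host does not resolve")

class ImgSrcCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):  # also called for self-closing <img ... />
        if tag == "img":
            self.urls += [v for k, v in attrs if k == "src" and v]

def audit_export_html(html_text, resolver=os_resolver):
    """Return [(url, reason)] for remote image URLs that must not be fetched."""
    collector = ImgSrcCollector()
    collector.feed(html_text)
    remote = [u for u in collector.urls if not u.lower().startswith("data:")]
    checked = [(u, check_fetch_url(u, resolver)) for u in remote]
    return [(u, reason) for u, (ok, reason) in checked if not ok]

# Constructed sample export body and offline stub resolver (hypothetical hosts).
SAMPLE_HTML = ('<img src="http://127.0.0.1:8080/status"><img src="http://intranet.example/x.png">'
               '<img src="https://cdn.example/logo.png"/>')
STUB_DNS = {"intranet.example": {"10.0.0.5"}, "cdn.example": {"93.184.216.34"}}
stub_resolver = lambda host, port: STUB_DNS.get(host, {host})  # IP literals map to themselves
```

The same check has to be repeated on every redirect hop, and the renderer has to connect to the address that was validated; otherwise a name that resolves differently on the second lookup bypasses it.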


Remediation

Install the security update from the vendor's website.
