Protection mechanism failure in Open WebUI - #VU136849
Published: July 3, 2026
Open WebUI
Detailed vulnerability description
The vulnerability allows a remote user to disclose sensitive information from administrator-blocked publicly resolvable hosts.
The vulnerability exists due to a protection mechanism failure in the WEB_FETCH_FILTER_LIST hostname filtering applied to server-side web fetch URLs. A remote user can trigger a server-side web fetch using a crafted URL to disclose sensitive information from administrator-blocked publicly resolvable hosts.
The issue affects the allow/block list used by RAG URL ingestion, URL-to-markdown, and web-search content fetch. Fetched content is returned to the requester. This issue does not bypass the separate always-on guard that blocks URLs resolving to non-global IP addresses when local web fetch is disabled, which is the default.
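The two controls described above, modelled as independent checks in an added example (not Open WebUI's code): an administrator host block list and an always-on guard on the resolved address scope. The block-list format, subdomain matching rule, host names and resolver table are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data: a hypothetical block list and an offline resolver table.
BLOCKED_HOSTS = {"blocked.example"}
FAKE_DNS = {
    "blocked.example": ["8.8.8.8"],
    "docs.blocked.example": ["8.8.8.8"],
    "allowed.example": ["1.1.1.1"],
    "intranet.example": ["10.0.0.5"],
    "mixed.example": ["1.1.1.1", "127.0.0.1"],
}


def canonical_host(url):
    """Return the host in canonical form, or None for URLs that are not http(s)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.rstrip(".")  # urlsplit already lower-cases the host


def host_blocked(host, blocked=BLOCKED_HOSTS):
    """Administrator control: exact match or any subdomain of a blocked entry."""
    return any(host == b or host.endswith("." + b) for b in blocked)


def resolves_global(host, resolve=FAKE_DNS.get):
    """Always-on guard: every address the host maps to must be globally routable."""
    try:
        addrs = [ipaddress.ip_address(host)]  # host is an IP literal
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolve(host) or []]
    return bool(addrs) and all(a.is_global for a in addrs)


def fetch_decision(url):
    """Apply both controls to the same canonical host; fail closed on doubt."""
    host = canonical_host(url)
    if host is None:
        return "reject: unsupported URL"
    if host_blocked(host):
        return "reject: block list"
    if not resolves_global(host):
        return "reject: non-global or unresolved address"
    return "allow"
```

The address-scope guard passes `blocked.example` on its own because the host resolves to a global address, so the block-list check is the only control covering administrator-blocked public hosts.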