QSearchQSearch

CVE-2026-45347

4.3 MEDIUM

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline

Published: 2026-05-15 · Last updated: 2026-05-18

Severity and scoring

CVSS
4.3 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE
CWE-918

Affected products

VendorProduct
openwebuiopen_webui

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.11, there is a blind server side request forgery (SSRF) via the PDF generate function. In the PDF export, user inputs are interpreted as HTML and embedded into the PDF. According to tests, scripts and some potentially dangerous tags (iFrame, Object, etc.) are blocked, preventing server-side content from being read through this vulnerability. However, an image tag can be used to force a server-side request (SSRF), as shown in the following below. This vulnerability is fixed in 0.5.11.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-45667 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (6.5 MEDIUM)
  • CVE-2026-45666 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (6.5 MEDIUM)
  • CVE-2026-45665 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (8.1 HIGH)
  • CVE-2026-45365 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (5.4 MEDIUM)
  • CVE-2026-45351 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (6.5 MEDIUM)

Same CWE

  • CVE-2026-53859 OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-... (6.5 MEDIUM)
  • CVE-2026-47684 Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing (7.7 HIGH)
  • CVE-2025-60175 Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions (4.4 MEDIUM)
  • CVE-2026-50888 An authenticated Server-Side Request Forgery (SSRF) in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allow... (8.1 HIGH)
  • CVE-2026-50887 A Server-Side Request Forgery (SSRF) in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan inte... (9.1 CRITICAL)