CVE-2026-45347 - Vulnerability Details

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.11, there is a blind server side request forgery (SSRF) via the PDF generate function. In the PDF export, user inputs are interpreted as HTML and embedded into the PDF. According to tests, scripts and some potentially dangerous tags (iFrame, Object, etc.) are blocked, preventing server-side content from being read through this vulnerability. However, an image tag can be used to force a server-side request (SSRF), as shown in the following below. This vulnerability is fixed in 0.5.11.

Published: 2026-05-15

Score: 4.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability resides in the PDF generation feature of Open WebUI, where user supplied HTML is rendered into a PDF. While scripts and other dangerous tags are rejected, an image tag can be employed to trigger a server‑side GET request. This blind SSRF does not allow data theft directly but permits the attacker to probe internal services or potentially pivot further within the network, constituting a moderate confidentiality and availability risk.

Affected Systems

The affected product is Open WebUI. The CVE payload does not specify which specific versions are impacted; the fix was released in release 0.5.11 but no version information is provided to confirm whether later releases are fully secure.

Risk and Exploitability

With a CVSS score of 4.3, the risk is moderate. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is inferred to be a crafted image tag included in the HTML sent to the PDF export endpoint; authentication requirements are not specified in the description, but the feature is generally available to users with access to the interface.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

open-webui

affected

Version	Status	Constraints
`< 0.5.11`	affected	—

No data.

Vendor Product Confidence Versions

Open-webui

100%

Version	Status	Scheme	Platform
`[0,0.5.11)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Open WebUI to version 0.5.11 or later to apply the vendor fix.
If an upgrade is not immediately possible, block or remove the image tag from the PDF export input or sanitize all outbound requests originating from the PDF generation service.
Configure network controls to restrict outbound connections from the Open WebUI server to internal addresses, reducing the impact of any remaining SSRF vectors.

Generated by OpenCVE AI on May 15, 2026 at 23:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-f776-fp4w-266c	Open WebUI vulnerable to blind server side request forgery (SSRF) via the PDF generate function

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00026.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/open-webui/open-webui/security/advisories/GHSA-f776-fp4w-266c

History

Fri, 15 May 2026 22:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Open-webui Open-webui open-webui
Vendors & Products		Open-webui Open-webui open-webui

Fri, 15 May 2026 21:30:00 +0000

Type	Values Removed	Values Added
Description		Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.11, there is a blind server side request forgery (SSRF) via the PDF generate function. In the PDF export, user inputs are interpreted as HTML and embedded into the PDF. According to tests, scripts and some potentially dangerous tags (iFrame, Object, etc.) are blocked, preventing server-side content from being read through this vulnerability. However, an image tag can be used to force a server-side request (SSRF), as shown in the following below. This vulnerability is fixed in 0.5.11.
Title		Open WebUI: Blind server side request forgery (SSRF) via the PDF generate function
Weaknesses		CWE-918
References		https://github.com/open-webui/open-webui/security/advisories/GHSA-f776-fp4w-266c
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}`

Subscriptions

Open-webui Open-webui

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-05-15T21:12:30.169Z

Updated: 2026-05-15T21:12:30.169Z

Reserved: 2026-05-11T21:40:08.177Z

Link: CVE-2026-45347

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-15T22:16:55.190

Modified: 2026-05-15T22:16:55.190

Link: CVE-2026-45347

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T23:30:10Z

Weaknesses

CWE-918

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object