Impact
The vulnerability is a server-side request forgery (SSRF) protection bypass caused by a parsing inconsistency between the Python urlparse module and the requests library: the URL validator and the HTTP client can disagree about which host a user-supplied URL targets. As a result, the application can be induced to send outbound HTTP requests to arbitrary hosts while validating user-supplied URLs, letting attackers reach internal or restricted services. The weakness maps directly to CWE-918 and can compromise the confidentiality and availability of internal resources, but it does not allow code execution on the host. The CVSS score of 8.5 reflects a high risk from adversaries who can supply a crafted URL.
Affected Systems
The affected vendor and product are both Open WebUI, and all versions prior to 0.9.5 are vulnerable. The platform is a self-hosted artificial intelligence application that operates offline, so the threat surface includes local network resources reachable from the container or host environment.
Risk and Exploitability
Because the flaw lies in how the application's URL parser validates user input, an attacker only needs to submit a specially crafted address to the validate_url endpoint. The exploit requires no additional privileges, and there are no known mitigations beyond patching. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, but the high severity indicates that exploitation is plausible for anyone able to interact with the endpoint. The risk is elevated for deployments that expose Open WebUI to untrusted users or the internet.
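The parser differential described under Impact and the validate_url flow described above are what a canonicalising validator is meant to close. The following is an added example written for this page, not Open WebUI's own code or its fix: every check runs on the parsed components, the host is resolved through an injectable resolver (a constructed lookup table stands in for DNS so it runs offline), non-public addresses are rejected, and the caller receives a URL rebuilt from the validated components, so the HTTP client never re-interprets the raw user string. It uses only the standard library; the `requests` side is assumed to receive the returned string unchanged.

```python
import ipaddress
import socket
from typing import Callable, Optional
from urllib.parse import urlsplit, urlunsplit

ALLOWED_SCHEMES = {"http", "https"}
FAKE_DNS = {"example.com": "93.184.216.34", "internal.corp": "10.0.0.5"}  # constructed stand-in for DNS

def constructed_resolver(host: str) -> str:
    """Offline replacement for socket.gethostbyname, used only by this example."""
    try:
        return FAKE_DNS[host]
    except KeyError:
        raise socket.gaierror(f"unresolvable host: {host}")

def is_public_ip(addr: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # judge ::ffff:10.0.0.5 as 10.0.0.5
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified)

def canonicalize_url(url: str,
                     resolver: Callable[[str], str] = socket.gethostbyname) -> Optional[str]:
    """Return the exact URL string that may be fetched, or None if rejected.
    Checks and the rebuild both use the parsed components, never the raw string."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        return None
    if "@" in parts.netloc or any(c in parts.netloc for c in "\\ \t\r\n"):
        return None  # userinfo, backslashes and whitespace are classic parser-confusion material
    try:
        port = parts.port  # ValueError for non-numeric or out-of-range ports
    except ValueError:
        return None
    host = parts.hostname  # lower-cased, IPv6 brackets already removed
    try:
        addr = str(ipaddress.ip_address(host))  # IP literal
    except ValueError:
        try:
            addr = resolver(host)  # DNS name: judge what it actually resolves to
        except OSError:
            return None
    if not is_public_ip(addr):
        return None
    authority = f"[{host}]" if ":" in host else host
    if port is not None:
        authority += f":{port}"
    return urlunsplit((parts.scheme.lower(), authority, parts.path or "/", parts.query, ""))
```

A deployment that resolves once in the validator and then lets the client resolve again is still exposed to DNS rebinding; pinning the resolved address for the actual connection is the complementary step not shown here.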
Sources: OpenCVE Enrichment; GitHub GHSA