Description
Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentially execute commands via instance secrets.
No analysis available yet.
Remediation
No remediation available yet.
Advisories
No advisories yet.
References
History
Tue, 30 Jun 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentially execute commands via instance secrets. | |
| Title | Open WebUI - Server-Side Request Forgery via Location Redirect in /api/v1/retrieval/process/web | |
| First Time appeared | Openwebui, Openwebui open Webui | |
| Weaknesses | CWE-918 | |
| CPEs | cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:* | |
| Vendors & Products | Openwebui, Openwebui open Webui | |
| References | | |
| Metrics | cvssV3_1 | |
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-06-30T22:08:40.248Z
Reserved: 2026-06-21T12:37:58.435Z
Link: CVE-2026-56399
OpenCVE Enrichment
No data.
Weaknesses
- CWE-918: Server-Side Request Forgery (SSRF)