Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentially execute commands via instance secrets.
History
Tue, 30 Jun 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentially execute commands via instance secrets. | |
| Title | Open WebUI - Server-Side Request Forgery via Location Redirect in /api/v1/retrieval/process/web | |
| First Time appeared | Openwebui; Openwebui open Webui | |
| Weaknesses | CWE-918 | |
| CPEs | cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:* | |
| Vendors & Products | Openwebui; Openwebui open Webui | |
| References | | |
| Metrics | cvssV3_1 | |
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-06-30T22:08:40.248Z
Reserved: 2026-06-21T12:37:58.435Z
Link: CVE-2026-56399
OpenCVE Enrichment
Updated: 2026-07-01T00:15:05Z