CVE Catalog

CVE-2026-56399

MediumCVSS 5.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

24th percentile — higher than 24% of all known CVEs

Summary

An SSRF vulnerability in Open WebUI before version 0.6.27 in the /api/v1/retrieval/process/web endpoint allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentially execute commands via instance secrets.

Risk Assessment

The risk includes unauthorized access to internal services and the ability to execute commands, which could lead to system compromise and sensitive data leakage.

Recommendation

It is recommended to immediately upgrade Open WebUI to version 0.6.27 or later, which fixes this vulnerability. Additionally, restrict access to the /api/v1/retrieval/process/web endpoint to trusted users only.

Original NVD description (English source)

Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentially execute commands via instance secrets.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS