Open WebUI has a Server-Side Request Forgery (SSRF) bypass in `validate_url` · CVE-2026-45400 · GitHub Advisory Database · GitHub

Open WebUI has a Server-Side Request Forgery (SSRF) bypass in `validate_url`

High severity GitHub Reviewed Published May 10, 2026 in open-webui/open-webui • Updated May 15, 2026

0 Open 0 Closed

No open alerts for this advisory

Give feedback on Dependabot alerts

⚡