Loading market data...
← Back to CVE feed

CVE-2026-56399

MEDIUM CVSS 5.0 View on NVD ↗

Description

Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentially execute commands via instance secrets.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Published: Jun 30, 2026 23:17 UTC Modified: Jul 01, 2026 16:16 UTC