{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-45400/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["open-webui (\u003c= 0.9.4)"],"_cs_severities":["high"],"_cs_tags":["ssrf","cve-2026-45400","open-webui","web-application","github-advisory"],"_cs_type":"threat","_cs_vendors":["pip"],"content_html":"\u003cp\u003eOpen WebUI versions 0.9.4 and earlier contain a server-side request forgery (SSRF) vulnerability (CVE-2026-45400) in the \u003ccode\u003evalidate_url\u003c/code\u003e function. The vulnerability arises from inconsistent URL parsing between the \u003ccode\u003eurlparse\u003c/code\u003e and \u003ccode\u003erequests\u003c/code\u003e libraries. Specifically, \u003ccode\u003eurlparse\u003c/code\u003e may interpret a URL like \u003ccode\u003ehttp://127.0.0.1:6666\\@1.1.1.1\u003c/code\u003e as pointing to the public IP address \u003ccode\u003e1.1.1.1\u003c/code\u003e, while the \u003ccode\u003erequests\u003c/code\u003e library interprets it as the internal IP address \u003ccode\u003e127.0.0.1:6666\u003c/code\u003e. This discrepancy allows an attacker to bypass the intended URL validation and make unauthorized requests to internal resources. Successful exploitation can lead to information disclosure or further internal network compromise. The vulnerability was reported on May 14, 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious URL with the format \u003ccode\u003ehttp://127.0.0.1:6666\\@public.ip.address\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe user provides the crafted URL to Open WebUI, which uses the \u003ccode\u003evalidate_url\u003c/code\u003e function to validate the URL.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003evalidate_url\u003c/code\u003e function uses \u003ccode\u003eurllib.parse.urlparse\u003c/code\u003e to parse the hostname of the URL.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurllib.parse.urlparse\u003c/code\u003e incorrectly identifies the hostname as \u003ccode\u003epublic.ip.address\u003c/code\u003e due to the presence of the \u003ccode\u003e@\u003c/code\u003e symbol after the internal IP address.\u003c/li\u003e\n\u003cli\u003eThe validation logic considers \u003ccode\u003epublic.ip.address\u003c/code\u003e as a public IP and approves the URL.\u003c/li\u003e\n\u003cli\u003eThe application then uses the \u003ccode\u003erequests.get\u003c/code\u003e function to make a request to the validated URL.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003erequests.get\u003c/code\u003e interprets the URL differently and sends the request to the internal IP address \u003ccode\u003e127.0.0.1:6666\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker successfully makes a request to the internal IP address, achieving SSRF and potentially gaining access to sensitive information or internal services.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SSRF vulnerability (CVE-2026-45400) in Open WebUI can allow an attacker to bypass URL validation and make unauthorized requests to internal resources. This may lead to information disclosure, access to internal services, or further compromise of the internal network. The severity is rated as high due to the potential for significant impact on confidentiality and integrity. Affected organizations may experience data breaches or service disruptions.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to a patched version of Open WebUI that addresses the URL parsing discrepancy.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Open WebUI SSRF Attempt via Malicious URL\u003c/code\u003e to detect attempts to exploit this vulnerability.\u003c/li\u003e\n\u003cli\u003eReview and harden URL validation logic within the Open WebUI application to ensure consistent parsing across different libraries.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation and access controls to limit the impact of potential SSRF vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-14T20:37:19Z","date_published":"2026-05-14T20:37:19Z","id":"https://feed.craftedsignal.io/briefs/2026-05-open-webui-ssrf/","summary":"Open WebUI versions 0.9.4 and earlier are vulnerable to Server-Side Request Forgery (SSRF) due to a parsing difference between the urlparse and requests libraries in the `validate_url` function, allowing attackers to bypass URL validation and make requests to internal IP addresses.","title":"Open WebUI SSRF Vulnerability via URL Parsing Discrepancy (CVE-2026-45400)","url":"https://feed.craftedsignal.io/briefs/2026-05-open-webui-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-45400","version":"https://jsonfeed.org/version/1.1"}