Attack Chain

1. The attacker crafts a malicious URL with the format http://127.0.0.1:6666\@public.ip.address.
2. The user provides the crafted URL to Open WebUI, which uses the validate_url function to validate the URL.
3. The validate_url function uses urllib.parse.urlparse to parse the hostname of the URL.
4. urllib.parse.urlparse incorrectly identifies the hostname as public.ip.address due to the presence of the @ symbol after the internal IP address.
5. The validation logic considers public.ip.address as a public IP and approves the URL.
6. The application then uses the requests.get function to make a request to the validated URL.
7. requests.get interprets the URL differently and sends the request to the internal IP address 127.0.0.1:6666.
8. The attacker successfully makes a request to the internal IP address, achieving SSRF and potentially gaining access to sensitive information or internal services.

Impact

Successful exploitation of this SSRF vulnerability (CVE-2026-45400) in Open WebUI can allow an attacker to bypass URL validation and make unauthorized requests to internal resources. This may lead to information disclosure, access to internal services, or further compromise of the internal network. The severity is rated as high due to the potential for significant impact on confidentiality and integrity. Affected organizations may experience data breaches or service disruptions.

Recommendation

• Upgrade to a patched version of Open WebUI that addresses the URL parsing discrepancy.
• Deploy the Sigma rule Detect Open WebUI SSRF Attempt via Malicious URL to detect attempts to exploit this vulnerability.
• Review and harden URL validation logic within the Open WebUI application to ensure consistent parsing across different libraries.
• Implement network segmentation and access controls to limit the impact of potential SSRF vulnerabilities.