CVE-2026-45401 – open-webui
CVSS 8.5
IMPORTANT
“AI platforms become dangerous attack surfaces when backend requests can be silently redirected.”
A patch has been released for CVE-2026-45401, a high-severity vulnerability in open-webui with a CVSS score of 8.5.
The vulnerability is tied to server-side request forgery (SSRF) behavior that could allow attackers to force affected systems to send unintended backend requests. Public proof-of-concept code is available. The update strengthens request validation controls and reduces the risk of unauthorized internal network access and backend service exposure.
Key Details
- Affected Product: Openwebui Open Webui
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- CWE Classification: CWE-918