CVE-2026-45331 | open-webui Open WebUI up to 0.8.x utils.py validate_url server-side request forgery (GHSA-4v7r-f4w8-8972)

A vulnerability was found in open-webui Open WebUI up to 0.8.x and classified as critical. Affected is the function validate_url of the file backend/open_webui/retrieval/web/utils.py. The manipulation results in server-side request forgery.

This vulnerability is reported as CVE-2026-45331. The attack can be launched remotely. No exploit exists.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More