open-webui SSRF via OAuth picture URL redirect (CVE-2026-45401 sibling)
What changed
A new SSRF vulnerability (CVE-2026-45401 sibling) was discovered in open-webui <=0.9.5. The function `_process_picture_url` in `backend/open_webui/utils/oauth.py` validates the initial picture URL, but the HTTP client then follows redirects without re-validating each hop. An attacker who can sign in through the configured OAuth provider and control the picture URL in their profile can point it at a server they control that redirects to an internal address (loopback, private ranges, cloud metadata endpoints); the server-side fetch follows the chain and reads the internal service on the attacker's behalf.
Who it affects
All deployments of open-webui <=0.9.5 with OAuth signup enabled (`ENABLE_OAUTH_SIGNUP=true`) or picture update on login enabled (`OAUTH_UPDATE_PICTURE_ON_LOGIN=true`).
What to do today
Upgrade to open-webui 0.9.6 or later immediately. If an upgrade is not possible, set `AIOHTTP_CLIENT_ALLOW_REDIRECTS=false` in the environment and ensure the code passes `allow_redirects=AIOHTTP_CLIENT_ALLOW_REDIRECTS` to `session.get()` in `_process_picture_url`; the environment variable has no effect on its own unless the call actually reads it, so this interim fix is a code change, not just a configuration change. With redirects disabled, picture URLs that rely on a redirect will stop working, and the initial-URL check still has to be strict (scheme, host, resolved address), since that is now the only fetch that happens. As defence in depth, restrict the deployment's egress so the application cannot reach internal services or the metadata endpoint at all.
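The following is an added illustration of the redirect-chain bypass described above and of the two ways to close it (refuse redirects, or follow them manually and re-validate every hop). It is not open-webui's code: the function names, the `UnsafeUrl` exception, the fetcher and resolver callables, and the in-memory DNS and HTTP tables (including the metadata-service target and the arbitrary public addresses 1.2.3.4 and 5.6.7.8) are all constructed for the example so it runs offline.

```python
import ipaddress
import socket
from typing import Callable, Dict, List, Tuple
from urllib.parse import urljoin, urlparse

# Hypothetical names for illustration only; not open-webui's real helpers.
Response = Tuple[int, Dict[str, str], bytes]   # (status, headers, body)
Fetcher = Callable[[str, bool], Response]      # (url, allow_redirects) -> Response
Resolver = Callable[[str], List[str]]          # hostname -> IP address strings

REDIRECT_CODES = {301, 302, 303, 307, 308}
MAX_REDIRECTS = 5


class UnsafeUrl(Exception):
    """Raised when a picture URL (or any redirect hop) points somewhere we must not fetch."""


def default_resolver(host: str) -> List[str]:
    """System resolver; IP literals come straight back without a DNS query."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def url_is_safe(url: str, resolver: Resolver = default_resolver) -> bool:
    """Allow only http(s) URLs whose host resolves exclusively to globally routable addresses.
    ipaddress.is_global rejects loopback, RFC 1918, link-local (169.254/16, so the cloud
    metadata service), CGNAT and the documentation ranges."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    addresses = resolver(parts.hostname)
    if not addresses:
        return False
    try:
        return all(ipaddress.ip_address(a).is_global for a in addresses)
    except ValueError:
        return False


def fetch_picture_vulnerable(url: str, fetch: Fetcher, resolver: Resolver = default_resolver) -> Response:
    """The flawed pattern: check the initial URL, then let the client follow redirects blindly."""
    if not url_is_safe(url, resolver):
        raise UnsafeUrl(url)
    return fetch(url, True)   # allow_redirects=True: hops after the first are never checked


def fetch_picture_hardened(url: str, fetch: Fetcher, resolver: Resolver = default_resolver,
                           max_redirects: int = MAX_REDIRECTS) -> Response:
    """Follow redirects by hand and re-run the same check on every hop."""
    for _ in range(max_redirects + 1):
        if not url_is_safe(url, resolver):
            raise UnsafeUrl(url)
        status, headers, body = fetch(url, False)   # allow_redirects=False
        location = headers.get("Location")
        if status in REDIRECT_CODES and location:
            url = urljoin(url, location)            # relative Location headers resolve against the hop
            continue
        return status, headers, body
    raise UnsafeUrl("too many redirects")


# Constructed, in-memory stand-ins for DNS and HTTP so the example runs offline.
FAKE_DNS = {
    "avatars.example.com": ["1.2.3.4"],   # arbitrary public addresses for the demo
    "cdn.example.net": ["5.6.7.8"],
}

FAKE_HTTP: Dict[str, Response] = {
    # Attacker-controlled avatar that bounces to the cloud metadata service.
    "https://avatars.example.com/alice.png": (302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""),
    "http://169.254.169.254/latest/meta-data/": (200, {"Content-Type": "text/plain"}, b"ami-id\ninstance-id\n"),
    # Legitimate avatar that bounces once to a public CDN.
    "https://avatars.example.com/carol.png": (302, {"Location": "https://cdn.example.net/carol.png"}, b""),
    "https://cdn.example.net/carol.png": (200, {"Content-Type": "image/png"}, b"\x89PNG"),
}


def fake_resolver(host: str) -> List[str]:
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return FAKE_DNS.get(host, [])


def fake_fetch(url: str, allow_redirects: bool) -> Response:
    """Mimics an HTTP client: with allow_redirects=True it chases Location headers itself."""
    status, headers, body = FAKE_HTTP.get(url, (404, {}, b""))
    hops = 0
    while allow_redirects and status in REDIRECT_CODES and "Location" in headers and hops < MAX_REDIRECTS:
        url = urljoin(url, headers["Location"])
        status, headers, body = FAKE_HTTP.get(url, (404, {}, b""))
        hops += 1
    return status, headers, body


if __name__ == "__main__":
    leak = fetch_picture_vulnerable("https://avatars.example.com/alice.png", fake_fetch, fake_resolver)
    print("vulnerable:", leak[0], leak[2])        # 200 b'ami-id\ninstance-id\n'
    try:
        fetch_picture_hardened("https://avatars.example.com/alice.png", fake_fetch, fake_resolver)
    except UnsafeUrl as exc:
        print("hardened: blocked", exc)           # blocked at the metadata hop
    print("hardened, benign:", fetch_picture_hardened("https://avatars.example.com/carol.png", fake_fetch, fake_resolver)[0])
```

The per-hop check still has a time-of-check/time-of-use gap: the validator resolves the hostname once and the HTTP client resolves it again when it connects, so a DNS-rebinding attacker can pass the check and still reach an internal address. To close that, pin the connection to the validated addresses (aiohttp accepts a custom resolver on `TCPConnector`) or allow only IP-literal-free hosts on an explicit allow-list of avatar providers.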