CVE-2026-34225: Blind Server-Side Request Forgery in Open WebUI Image Edit Endpoint
Vulnerability ID: CVE-2026-34225
CVSS Score: 4.3
Published: 2026-07-07
Open WebUI versions 0.7.2 and below contain a blind Server-Side Request Forgery (SSRF) vulnerability. The flaw exists within the image editing router, specifically inside the /api/v1/images/edit endpoint. An authenticated attacker with low privileges can exploit this endpoint to initiate asynchronous HTTP GET requests to local, private, or internal network services, mapping system resources and bypassing boundary restrictions.
TL;DR
Authenticated users can exploit a blind SSRF vulnerability in Open WebUI versions 0.7.2 and below via the image-edit endpoint. This allows scanning of the local address space, port discovery, and interaction with internal endpoints such as local databases or cloud metadata services.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-918
- Attack Vector: Network (AV:N)
- CVSS Score: 4.3 (Medium)
- Exploit Status: Proof of Concept (PoC) Available
- KEV Status: Not Listed
- Impact: Low (Confidentiality)
- Privileges Required: Low (PR:L)
Affected Systems
- Open WebUI (open-webui/open-webui)
-
Open WebUI: <= 0.7.2 (Fixed in:
0.7.3)
Code Analysis
Commit: 2b26355
Refactor image edit and URL loading backend routines to secure endpoints, adding validation checks and safe asynchronous sessions to address potential server-side request forgery risks.
Exploit Details
- GitHub Security Advisory: GHSA-jgx9-jr5x-mvpv: Blind Server-Side Request Forgery in Image Edit Functionality
Mitigation Strategies
- Upgrade Open WebUI to version 0.7.3 or later to enforce connection-time IP validation.
- Disable the image edit feature by setting ENABLE_IMAGE_EDIT=False in the environment configuration.
- Apply strict outbound firewall rules (e.g., iptables, security groups) to prevent the container from communicating with local network blocks and loopback interfaces.
Remediation Steps:
- Identify all deployed instances of Open WebUI running version 0.7.2 or lower.
- Update the docker container tag or pull the latest source repository to update to version 0.7.3.
- Restart the Open WebUI service and verify that requests targeting localhost are rejected with a validation error.
References
- GitHub Security Advisory (GHSA-jgx9-jr5x-mvpv)
- NVD CVE Record (CVE-2026-34225)
- Primary Source Code Repository
- Authoritative CVE Registry
Read the full report for CVE-2026-34225 on our website for more details including interactive diagrams and full exploit analysis.
Top comments (0)