DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-34225: CVE-2026-34225: Blind Server-Side Request Forgery in Open WebUI Image Edit Endpoint

CVE-2026-34225: Blind Server-Side Request Forgery in Open WebUI Image Edit Endpoint

Vulnerability ID: CVE-2026-34225
CVSS Score: 4.3
Published: 2026-07-07

Open WebUI versions 0.7.2 and below contain a blind Server-Side Request Forgery (SSRF) vulnerability. The flaw exists within the image editing router, specifically inside the /api/v1/images/edit endpoint. An authenticated attacker with low privileges can exploit this endpoint to initiate asynchronous HTTP GET requests to local, private, or internal network services, mapping system resources and bypassing boundary restrictions.

TL;DR

Authenticated users can exploit a blind SSRF vulnerability in Open WebUI versions 0.7.2 and below via the image-edit endpoint. This allows scanning of the local address space, port discovery, and interaction with internal endpoints such as local databases or cloud metadata services.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-918
  • Attack Vector: Network (AV:N)
  • CVSS Score: 4.3 (Medium)
  • Exploit Status: Proof of Concept (PoC) Available
  • KEV Status: Not Listed
  • Impact: Low (Confidentiality)
  • Privileges Required: Low (PR:L)

Affected Systems

  • Open WebUI (open-webui/open-webui)
  • Open WebUI: <= 0.7.2 (Fixed in: 0.7.3)

Code Analysis

Commit: 2b26355

Refactor image edit and URL loading backend routines to secure endpoints, adding validation checks and safe asynchronous sessions to address potential server-side request forgery risks.

Exploit Details

Mitigation Strategies

  • Upgrade Open WebUI to version 0.7.3 or later to enforce connection-time IP validation.
  • Disable the image edit feature by setting ENABLE_IMAGE_EDIT=False in the environment configuration.
  • Apply strict outbound firewall rules (e.g., iptables, security groups) to prevent the container from communicating with local network blocks and loopback interfaces.

Remediation Steps:

  1. Identify all deployed instances of Open WebUI running version 0.7.2 or lower.
  2. Update the docker container tag or pull the latest source repository to update to version 0.7.3.
  3. Restart the Open WebUI service and verify that requests targeting localhost are rejected with a validation error.

References


Read the full report for CVE-2026-34225 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)