Summary In the open-webui project, a parsing difference between the urlparse and requests libraries led to an SSRF bypass vulnerability. Details In the current project, URL validation is performed using the function val…
| CVE ID | CVE-2026-45400 |
| Vendor | pip |
| Affected Product | open-webui |
| Vulnerability Type | Vulnerability |
| CVSS Score | 8.5 (HIGH) |
| Actively Exploited | ❌ No known exploitation |
| Patch Status | See Vendor Advisory → |
| Reported By | CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories) |
#
In the open-webui project, a parsing difference between the urlparse and requests libraries led to an SSRF bypass vulnerability.
In the current project, URL validation is performed using the function validate_url. The current checking logic uses urlparse to parse the hostname part of the URL for verification. However, there are actually differences in parsing between urlparse and the library that actually sends the request. For example, in files.py, validate_url is used first for URL validation, and then requests.get is used to send the request. The core issue: urlparse() and requests disagree on which host a URL like http://127.0.0.1:6666\@1.1.1.1 points to: - urlparse() treats \ as a regular character and @ as the userinfo-host delimiter, so it extract
Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.