{"data":{"id":"0ab955cd-a629-4c08-b3df-06fed6e16ca3","title":"CVE-2026-45401: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the v","summary":"Open WebUI, a self-hosted AI platform that runs offline, had a security flaw in versions before 0.9.5 where it only checked the first URL a user submitted but didn't check where that URL redirected to (HTTP redirects are automatic forwards to different addresses). This meant authenticated users could trick the system into accessing internal addresses like 127.0.0.1 or 169.254.169.254 (special private IP addresses) and read sensitive data from those internal systems.","solution":"This vulnerability is fixed in 0.9.5.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-45401","publishedAt":"2026-05-15T21:16:38.140Z","cveId":"CVE-2026-45401","cweIds":["CWE-918"],"cvssScore":"8.5","cvssSeverity":"high","severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Open WebUI","LangChain"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-15T21:16:38.140Z","capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}