AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-45401: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the v

highvulnerability

security

Source: NVD/CVE DatabaseMay 15, 2026CVE-2026-45401

Summary

Open WebUI, a self-hosted AI platform that runs offline, had a security flaw in versions before 0.9.5 where it only checked the first URL a user submitted but didn't check where that URL redirected to (HTTP redirects are automatic forwards to different addresses). This meant authenticated users could trick the system into accessing internal addresses like 127.0.0.1 or 169.254.169.254 (special private IP addresses) and read sensitive data from those internal systems.

Solution / Mitigation

This vulnerability is fixed in 0.9.5.

Vulnerability Details

CVSS Score

8.5(high)

EPSS (30-day exploit probability)

EPSS: 0.0%

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Attack Vector

network

Attack Complexity

low

Privileges Required

low

User Interaction

none

Disclosure Date

May 15, 2026

Classification

Attack Type

Data Extraction

Attack SophisticationModerate

Impact (CIA+S)

confidentiality

AI Component TargetedAPI

Taxonomy References

CWE (Weakness Type)

CWE-918

CAPEC (Attack Pattern)

CAPEC-664

Affected Vendors

LangChain

Related Issues

medium

CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e

Same vendorNVD/CVE Database

critical

CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-

Same vendor

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-45401

First tracked: May 15, 2026 at 08:12 PM

Classified by LLM (prompt v3) · confidence: 95%