CVE-2026-5803: A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f3893468f53b2797c. The aff
Summary
A security vulnerability (CVE-2026-5803) in bigsk1 openai-realtime-ui allows attackers to perform SSRF (server-side request forgery, in which an attacker tricks a server into making unwanted requests to other systems) through the API Proxy Endpoint in server.js by manipulating a query argument. The flaw can be exploited remotely. The product uses continuous delivery with rolling releases, so specific affected versions are not documented.
Solution / Mitigation
Install the patch named 54f8f50f43af97c334a881af7b021e84b5b8310f to address this issue.
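The class of check that closes this kind of hole in a Node proxy endpoint, shown as an added example; it is not code from openai-realtime-ui or from the patch. The `target` query parameter name, the `ALLOWED_HOSTS` contents and both function names are assumptions made for illustration.

```javascript
// Added example, not code from openai-realtime-ui. ALLOWED_HOSTS, the
// `target` parameter name and both function names are assumptions.
const ALLOWED_HOSTS = new Set(['api.openai.com']);

// Validate a caller-supplied upstream URL before the proxy fetches it.
// Returns { ok: true, url } or { ok: false, reason } so rejections can be logged.
function checkProxyTarget(raw) {
  if (typeof raw !== 'string' || raw.length === 0) {
    return { ok: false, reason: 'missing' };
  }
  let url;
  try {
    // WHATWG parsing lowercases the host and normalizes numeric IPv4 forms
    // (decimal, hex, octal) to dotted-quad, so checks see the canonical host.
    url = new URL(raw);
  } catch {
    return { ok: false, reason: 'unparseable' };
  }
  if (url.protocol !== 'https:') return { ok: false, reason: 'scheme' };
  // "https://allowed-host@other-host/" parses with other-host as the real host.
  if (url.username || url.password) return { ok: false, reason: 'userinfo' };
  // url.port is '' when the scheme default (443) is used.
  if (url.port !== '') return { ok: false, reason: 'port' };
  const host = url.hostname;
  // Reject IPv4 and bracketed IPv6 literals outright, for a clear log reason.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith('[')) {
    return { ok: false, reason: 'ip-literal' };
  }
  // Exact match only: suffix or substring matching lets look-alike hosts through.
  if (!ALLOWED_HOSTS.has(host)) return { ok: false, reason: 'host-not-allowed' };
  return { ok: true, url };
}

// Pull the target out of a raw query string and validate it.
function checkProxyQuery(queryString) {
  const raw = new URLSearchParams(queryString).get('target');
  return checkProxyTarget(raw);
}
```

When fetching an accepted URL, the proxy should also refuse redirects (for example `fetch(result.url, { redirect: 'error' })`), so an allowed host cannot bounce the request to another destination.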
Vulnerability Details
CVSS score: 6.3 (medium)
EPSS: 0.0%
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack vector: network
Attack complexity: low
Privileges required: low
User interaction: none
April 8, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-5803
First tracked: April 8, 2026 at 08:07 PM