CVE-2026-34225
Status: Received - Intake
Blind SSRF in Open WebUI Image Editing Enables Local Port Scanning

Publication date: 2026-04-14

Last updated on: 2026-04-21

Assigner: GitHub, Inc.

Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a blind Server-Side Request Forgery in the functionality that allows editing an image via a prompt. The affected function performs a GET request to a user-provided URL with no restriction on the domain, allowing the local address space to be accessed. Since the SSRF is blind (the response cannot be read), the primary impact is port scanning of the local network, as whether a port is open can be determined based on whether the GET request succeeds or fails. These response differentials can be automated to iterate through the entire port range and identify open ports. If the service running on an open port can be inferred, an attacker may be able to interact with it in a meaningful way, provided the service offers state-changing GET request endpoints. This issue was unresolved at the time of publication.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-04-14
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: openwebui
Product: open_webui
Version / Range: up to and including 0.7.2
CWE
CWE-918: The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-34225 is a blind Server-Side Request Forgery (SSRF) vulnerability in the Open WebUI platform, specifically in the image editing functionality. The vulnerability occurs because the application performs an HTTP GET request to a user-provided URL without validating or restricting the domain or IP address.

Since the SSRF is blind, the attacker cannot see the response content but can infer whether the request succeeded or failed. This allows the attacker to perform port scanning on the local network by sending requests to different ports and observing the outcomes.

If the attacker identifies open ports and the services running on them expose state-changing GET endpoints, the attacker might interact with those services in a meaningful way.


How can this vulnerability impact me?

This vulnerability can allow an attacker to scan the local network ports from the vulnerable Open WebUI instance, identifying which ports are open.

If services running on these open ports have state-changing GET endpoints, the attacker may be able to interact with and potentially manipulate those services.

While the confidentiality impact is low and there is no direct integrity or availability impact, the ability to map internal network services can aid further attacks or reconnaissance.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to exploit the blind SSRF in the image edit functionality. Since the vulnerability allows sending GET requests to user-supplied URLs without restriction, you can test if the server performs these requests by sending crafted POST requests to the /api/v1/images/edit endpoint.

A suggested command to test for this vulnerability is a curl POST request with a JSON payload containing a URL pointing to an internal or local network address. For example, sending a request to scan ports by changing the port number in the URL and observing if the request succeeds or fails can indicate the presence of the SSRF.

  • curl -X POST https://[target]/api/v1/images/edit -H 'Content-Type: application/json' -d '{"image": "http://localhost:PORT", "prompt": "test"}'

By iterating over different PORT values, you can infer which ports are open based on whether the request succeeds or fails, effectively performing a port scan via the SSRF.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to restrict user-provided URLs in the image edit functionality to prevent access to local address spaces and internal services.

Since no patched versions are available at the time of the advisory, you should implement validation to block URLs that point to local IP ranges or internal network addresses.

Additionally, consider disabling or restricting the image edit feature that accepts external URLs until a proper fix or update is released.
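As an added example (not Open WebUI's own code), a URL validator of the kind the mitigation above describes: it accepts only http/https, resolves the host, and rejects any answer in loopback, private, link-local or other non-routable ranges, including IPv4-mapped IPv6 forms. The injectable resolver parameter is an assumption so the check can be exercised offline.

```python
import ipaddress
import socket
from typing import Callable, Iterable, Optional
from urllib.parse import urlsplit

# Hypothetical validator written for this example; not Open WebUI's code.
ALLOWED_SCHEMES = {"http", "https"}


def _resolve(host: str) -> list:
    """Default resolver: every A/AAAA answer for host (needs DNS or /etc/hosts)."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def _is_internal(ip) -> bool:
    """True for any address a server must never fetch on a user's behalf."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is really 127.0.0.1
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_fetch_url(url: str,
                       resolver: Callable[[str], Iterable[str]] = _resolve) -> Optional[str]:
    """Return the single IP literal the fetch may connect to, or None to reject.

    Every resolved address is checked: a name that maps to one public and one
    internal address is rejected outright rather than trusting the first answer.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        return None
    host = parts.hostname  # urlsplit strips the [] around IPv6 literals
    try:
        candidates = [ipaddress.ip_address(host)]  # numeric host: no DNS involved
    except ValueError:
        candidates = []
        for addr in resolver(host):
            try:
                candidates.append(ipaddress.ip_address(addr))
            except ValueError:
                return None  # malformed resolver answer: fail closed
    if not candidates or any(_is_internal(ip) for ip in candidates):
        return None
    return str(candidates[0])
```

The returned address is the one the fetch should actually connect to (with the Host header set to the original name and redirects disabled); validating the name but then letting the HTTP client resolve and follow redirects on its own would let a redirect or a rebinding DNS answer bypass the check.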


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

