CVE-2026-34225
Received Received - Intake
Blind SSRF in Open WebUI Image Editing Enables Local Port Scanning

Publication date: 2026-04-14

Last updated on: 2026-04-21

Assigner: GitHub, Inc.

Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allows editing an image via a prompt. The affected function performs a GET request to a user-provided URL with no restriction on the domain, allowing the local address space to be accessed. Since the SSRF is blind (the response cannot be read), the primary impact is port scanning of the local network, as whether a port is open can be determined based on whether the GET request succeeds or fails. These response differentials can be automated to iterate through the entire port range and identify open ports. If the service running on an open port can be inferred, an attacker may be able to interact with it in a meaningful way, provided the service offers state-changing GET request endpoints. This issue was unresolved at the time of publication.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-14
Last Modified
2026-04-21
Generated
2026-06-16
AI Q&A
2026-04-14
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34225
EUVD
EUVD-2026-22188
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openwebui open_webui to 0.7.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-34225 is a blind Server-Side Request Forgery (SSRF) vulnerability in the Open WebUI platform, specifically in the image editing functionality. The vulnerability occurs because the application performs an HTTP GET request to a user-provided URL without validating or restricting the domain or IP address.

Since the SSRF is blind, the attacker cannot see the response content but can infer whether the request succeeded or failed. This allows the attacker to perform port scanning on the local network by sending requests to different ports and observing the outcomes.

If the attacker identifies open ports and the services running on them expose state-changing GET endpoints, the attacker might interact with those services in a meaningful way.

Impact Analysis

This vulnerability can allow an attacker to scan the local network ports from the vulnerable Open WebUI instance, identifying which ports are open.

If services running on these open ports have state-changing GET endpoints, the attacker may be able to interact with and potentially manipulate those services.

While the confidentiality impact is low and there is no direct integrity or availability impact, the ability to map internal network services can aid further attacks or reconnaissance.

Detection Guidance

This vulnerability can be detected by attempting to exploit the blind SSRF in the image edit functionality. Since the vulnerability allows sending GET requests to user-supplied URLs without restriction, you can test if the server performs these requests by sending crafted POST requests to the /api/v1/images/edit endpoint.

A suggested command to test for this vulnerability is a curl POST request with a JSON payload containing a URL pointing to an internal or local network address. For example, sending a request to scan ports by changing the port number in the URL and observing if the request succeeds or fails can indicate the presence of the SSRF.

  • curl -X POST https://[target]/api/v1/images/edit -H 'Content-Type: application/json' -d '{"image": "http://localhost:PORT", "prompt": "test"}'

By iterating over different PORT values, you can infer which ports are open based on whether the request succeeds or fails, effectively performing a port scan via the SSRF.

Mitigation Strategies

The immediate mitigation step is to restrict user-provided URLs in the image edit functionality to prevent access to local address spaces and internal services.

Since no patched versions are available at the time of the advisory, you should implement validation to block URLs that point to local IP ranges or internal network addresses.

Additionally, consider disabling or restricting the image edit feature that accepts external URLs until a proper fix or update is released.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34225. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart