This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
History

Thu, 16 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Title SSRF in open-webui/open-webui
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 16 Jul 2026 16:00:00 +0000

Type Values Removed Values Added
Description The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the attacker to access internal services and potentially gain command execution by accessing instance secrets. This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Mon, 21 Jul 2025 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Openwebui
Openwebui open Webui
CPEs cpe:2.3:a:openwebui:open_webui:0.3.8:*:*:*:*:*:*:*
Vendors & Products Openwebui
Openwebui open Webui
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}


Thu, 20 Mar 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 20 Mar 2025 10:15:00 +0000

Type Values Removed Values Added
Description The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the attacker to access internal services and potentially gain command execution by accessing instance secrets.
Title SSRF in open-webui/open-webui
Weaknesses CWE-918
References
Metrics cvssV3_0

{'score': 7.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}


cve-icon MITRE

Status: REJECTED

Assigner: @huntr_ai

Published:

Updated: 2026-07-16T15:37:19.664Z

Reserved: 2024-08-19T18:44:27.054Z

Link: CVE-2024-7959

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Analyzed

Published: 2025-03-20T10:15:38.257

Modified: 2026-06-17T08:21:32.727

Link: CVE-2024-7959

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-12T22:45:27Z