CVE-2026-5803: Server-Side Request Forgery in bigsk1 openai-realtime-ui
CVE-2026-5803 is a server-side request forgery (SSRF) vulnerability in the bigsk1 openai-realtime-ui product, specifically in an unknown function within the server. js file of the API Proxy Endpoint component. The vulnerability allows remote attackers to manipulate a query argument to induce SSRF. The issue affects versions up to commit 188ccde27fdf3d8fab8da81f3893468f53b2797c. A patch identified by commit 54f8f50f43af97c334a881af7b021e84b5b8310f is suggested to address the issue. The CVSS 4. 0 base score is 5. 3, indicating medium severity. No official remediation level or detailed vendor advisory is provided, and no known exploits in the wild have been reported.
AI Analysis
Technical Summary
This vulnerability in bigsk1 openai-realtime-ui involves server-side request forgery via manipulation of a query argument in the API Proxy Endpoint's server.js file. The flaw allows remote attackers to cause the server to make unintended requests. The affected version is identified by a specific commit hash, and a patch commit is available, though no detailed vendor advisory or official remediation status is provided. The CVSS 4.0 score rates this as a medium severity issue with network attack vector, low attack complexity, no privileges required, and no user interaction needed.
Potential Impact
Successful exploitation of this SSRF vulnerability could allow an attacker to make the vulnerable server perform unauthorized requests to internal or external systems, potentially leading to information disclosure or further network reconnaissance. The medium CVSS score reflects limited impact due to low privileges required but with some impact on confidentiality, integrity, and availability. No known active exploits have been reported at this time.
Mitigation Recommendations
A patch identified by commit 54f8f50f43af97c334a881af7b021e84b5b8310f is suggested to remediate this vulnerability. Since the product uses continuous delivery with rolling releases, users should update to the latest version containing this patch. Patch status is not explicitly confirmed by a vendor advisory; therefore, users should verify the application of this patch in their environment. No additional vendor guidance is available.
CVE-2026-5803: Server-Side Request Forgery in bigsk1 openai-realtime-ui
Description
CVE-2026-5803 is a server-side request forgery (SSRF) vulnerability in the bigsk1 openai-realtime-ui product, specifically in an unknown function within the server. js file of the API Proxy Endpoint component. The vulnerability allows remote attackers to manipulate a query argument to induce SSRF. The issue affects versions up to commit 188ccde27fdf3d8fab8da81f3893468f53b2797c. A patch identified by commit 54f8f50f43af97c334a881af7b021e84b5b8310f is suggested to address the issue. The CVSS 4. 0 base score is 5. 3, indicating medium severity. No official remediation level or detailed vendor advisory is provided, and no known exploits in the wild have been reported.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in bigsk1 openai-realtime-ui involves server-side request forgery via manipulation of a query argument in the API Proxy Endpoint's server.js file. The flaw allows remote attackers to cause the server to make unintended requests. The affected version is identified by a specific commit hash, and a patch commit is available, though no detailed vendor advisory or official remediation status is provided. The CVSS 4.0 score rates this as a medium severity issue with network attack vector, low attack complexity, no privileges required, and no user interaction needed.
Potential Impact
Successful exploitation of this SSRF vulnerability could allow an attacker to make the vulnerable server perform unauthorized requests to internal or external systems, potentially leading to information disclosure or further network reconnaissance. The medium CVSS score reflects limited impact due to low privileges required but with some impact on confidentiality, integrity, and availability. No known active exploits have been reported at this time.
Mitigation Recommendations
A patch identified by commit 54f8f50f43af97c334a881af7b021e84b5b8310f is suggested to remediate this vulnerability. Since the product uses continuous delivery with rolling releases, users should update to the latest version containing this patch. Patch status is not explicitly confirmed by a vendor advisory; therefore, users should verify the application of this patch in their environment. No additional vendor guidance is available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-08T14:37:04.019Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d6bc281cc7ad14daadeae8
Added to database: 4/8/2026, 8:35:52 PM
Last enriched: 4/16/2026, 12:23:05 PM
Last updated: 5/23/2026, 3:15:01 PM
Views: 73
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.