GHSA-jgx9-jr5x-mvpv: Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality
Open WebUI versions up to 0.7.2 contain a blind Server Side Request Forgery (SSRF) vulnerability in the image editing functionality. The vulnerable function performs an asynchronous GET request on a user-supplied URL without restricting the domain, allowing interaction with local network addresses. Because the SSRF is blind, attackers cannot see the response but can infer open ports on the local network by detecting request failures. This enables port scanning of the local network and potentially interacting with services that accept state-changing GET requests.
AI Analysis
Technical Summary
The vulnerability in Open WebUI (<=0.7.2) occurs in the image editing API endpoint, where a user-provided URL is passed to a function that blindly performs an asynchronous HTTP GET request. There is no domain restriction, allowing requests to local address space. The SSRF is blind, meaning the response content is not returned to the user, but response success or failure can be used to infer open ports on the local network. This can be exploited to perform port scanning and potentially interact with internal services if they expose state-changing GET endpoints.
Potential Impact
An attacker with authorized access can use the blind SSRF to scan ports on the local network by observing whether the GET request to a user-supplied URL succeeds or fails. This can reveal open services within the local address space. If any of these services accept state-changing GET requests, the attacker may be able to interact with them in a meaningful way, potentially leading to further compromise or unauthorized actions within the internal network.
Mitigation Recommendations
Restrict user-supplied URLs to prevent requests to local address space. Implement validation to block URLs pointing to localhost, private IP ranges, or other internal network addresses. Since no official patch or fix is currently provided, applying such URL restrictions is the recommended mitigation until an official fix is released. Monitor vendor advisories for updates.
GHSA-jgx9-jr5x-mvpv: Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality
Description
Open WebUI versions up to 0.7.2 contain a blind Server Side Request Forgery (SSRF) vulnerability in the image editing functionality. The vulnerable function performs an asynchronous GET request on a user-supplied URL without restricting the domain, allowing interaction with local network addresses. Because the SSRF is blind, attackers cannot see the response but can infer open ports on the local network by detecting request failures. This enables port scanning of the local network and potentially interacting with services that accept state-changing GET requests.
CVSS v3.1
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in Open WebUI (<=0.7.2) occurs in the image editing API endpoint, where a user-provided URL is passed to a function that blindly performs an asynchronous HTTP GET request. There is no domain restriction, allowing requests to local address space. The SSRF is blind, meaning the response content is not returned to the user, but response success or failure can be used to infer open ports on the local network. This can be exploited to perform port scanning and potentially interact with internal services if they expose state-changing GET endpoints.
Potential Impact
An attacker with authorized access can use the blind SSRF to scan ports on the local network by observing whether the GET request to a user-supplied URL succeeds or fails. This can reveal open services within the local address space. If any of these services accept state-changing GET requests, the attacker may be able to interact with them in a meaningful way, potentially leading to further compromise or unauthorized actions within the internal network.
Mitigation Recommendations
Restrict user-supplied URLs to prevent requests to local address space. Implement validation to block URLs pointing to localhost, private IP ranges, or other internal network addresses. Since no official patch or fix is currently provided, applying such URL restrictions is the recommended mitigation until an official fix is released. Monitor vendor advisories for updates.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-jgx9-jr5x-mvpv
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2026-34225"]
- Ecosystems
- ["PyPI"]
- Database Specific Severity
- MODERATE
- Cvss Version
- 3.1
Threat ID: 6a4e4f07c9d9e3dbe328de2b
Added to database: 07/08/2026, 13:22:15 UTC
Last enriched: 07/08/2026, 13:50:31 UTC
Last updated: 07/09/2026, 01:14:06 UTC
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.