Back to CVE List

CVE-2026-54008

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.5 / 10

Vulnerability Description

Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url` (incomplete-fix sibling of CVE-2026-45401)

Vulnerability Details

Published Date

June 17, 2026

Last Modified

June 17, 2026

Source

GitHub

Vendor

pip

Product

open-webui

External References

Discussion (0)

Add Comment

No comments yet. Be the first!