PT-2026-31447 · Bigsk1 · Openai-Realtime-Ui
Brucejin · Published 2026-04-08 · Updated 2026-04-08 · CVE-2026-5803
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
bigsk1 openai-realtime-ui versions up to 188ccde27fdf3d8fab8da81f3893468f53b2797c
Description
A security flaw exists in bigsk1 openai-realtime-ui. The issue is located in an unknown function within the server.js file of the API Proxy Endpoint component. Manipulation of the Query argument can lead to server-side request forgery (SSRF). This attack can be initiated remotely. The exploit is publicly available.
Recommendations
Install patch 54f8f50f43af97c334a881af7b021e84b5b8310f to address this issue.
Affected Products
Openai-Realtime-Ui