SSRF Vulnerability in bigsk1/openai-realtime-ui (CVE-2026-5803)

Vulnerability Overview CVE ID: CVE-2026-5803 Vulnerability Name: bigsk1 openai-realtime-ui API Proxy Endpoint server.js Query server-side request forgery Vulnerability Type: Server-Side Request Forgery (SSRF) Severity: Critical CVSS Score: CVSSv3: Base Score 6.3, Temporal Score 5.7 CVSSv2: Base Score 6.3 Description: A vulnerability exists in the API Proxy Endpoint component within the file of the project (up to commit ). This is an unknown function vulnerability. Attackers can trigger a Server-Side Request Forgery (SSRF) by manipulating input within the parameter. The vulnerability allows for remote attacks and has publicly available Proof of Concept (PoC) code. Affected Scope Affected Project: bigsk1/openai-realtime-ui Affected Versions: and earlier Affected Component: API Proxy Endpoint (specifically the file) Exploitation Conditions: Remote attack, no authentication required (Access: Public / Authentication: None) Remediation Patch Version: Remediation Advice: It is recommended to apply the patch. The patch is available for download on GitHub. Reference Links: Advisory: Exploit/PoC: POC / Exploit Code The page does not directly provide specific code blocks but indicates that the Proof of Concept (PoC) can be downloaded from GitHub. Related Resource Links: Advisory: Exploit: * Patch Commit:

Goal Reached Thanks to every supporter — we hit 100%!

SSRF Vulnerability in bigsk1/openai-realtime-ui (CVE-2026-5803)