diff --git a/backend/open_webui/tools/builtin.py b/backend/open_webui/tools/builtin.py
index b438759e10..594a7d24ac 100644
--- a/backend/open_webui/tools/builtin.py
+++ b/backend/open_webui/tools/builtin.py
@@ -168,8 +168,8 @@ async def search_web(
         engine = __request__.app.state.config.WEB_SEARCH_ENGINE
         user = UserModel(**__user__) if __user__ else None
 
-        # Use admin-configured result count if configured, falling back to model-provided count of provided, else default to 5
-        count = __request__.app.state.config.WEB_SEARCH_RESULT_COUNT or count
+        # Enforce maximum result count from config to prevent abuse
+        count = count if count < __request__.app.state.config.WEB_SEARCH_RESULT_COUNT else __request__.app.state.config.WEB_SEARCH_RESULT_COUNT
 
         results = await asyncio.to_thread(_search_web, __request__, engine, query, user)