Search for vulnerabilities
| Vulnerability ID | VCID-22d8-rsah-vbg2 |
| Aliases |
CVE-2024-8053
GHSA-9vf8-xgwm-97r8 |
| Summary | In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading to server resource exhaustion and denial of service (DoS). Additionally, unauthorized users can misuse the endpoint to generate PDFs without verification, resulting in service misuse and potential operational and financial impacts. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 8.0 |
| Risk | 4.0 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| epss | 0.00729 | https://api.first.org/data/v1/epss?cve=CVE-2024-8053 |
| epss | 0.00729 | https://api.first.org/data/v1/epss?cve=CVE-2024-8053 |
| cvssv3.1 | 7.5 | https://github.com/open-webui/open-webui |
| generic_textual | HIGH | https://github.com/open-webui/open-webui |
| cvssv3 | 7.5 | https://huntr.com/bounties/ebe8c1fa-113b-4df9-be03-a406b9adb9f4 |
| cvssv3.1 | 7.5 | https://huntr.com/bounties/ebe8c1fa-113b-4df9-be03-a406b9adb9f4 |
| generic_textual | HIGH | https://huntr.com/bounties/ebe8c1fa-113b-4df9-be03-a406b9adb9f4 |
| ssvc | Track | https://huntr.com/bounties/ebe8c1fa-113b-4df9-be03-a406b9adb9f4 |
| cvssv3.1 | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-8053 |
| generic_textual | HIGH | https://nvd.nist.gov/vuln/detail/CVE-2024-8053 |
| Reference id | Reference type | URL |
|---|---|---|
| https://api.first.org/data/v1/epss?cve=CVE-2024-8053 | ||
| https://github.com/open-webui/open-webui | ||
| https://nvd.nist.gov/vuln/detail/CVE-2024-8053 | ||
| ebe8c1fa-113b-4df9-be03-a406b9adb9f4 | https://huntr.com/bounties/ebe8c1fa-113b-4df9-be03-a406b9adb9f4 | |
| GHSA-9vf8-xgwm-97r8 | https://github.com/advisories/GHSA-9vf8-xgwm-97r8 |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Percentile | 0.7312 |
| EPSS Score | 0.00729 |
| Published At | June 11, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-10T18:28:41.885165+00:00 | Vulnrichment | Import | https://github.com/cisagov/vulnrichment/blob/develop/2024/8xxx/CVE-2024-8053.json | 38.6.0 |