openwebui open webui

95 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Each entry gives the CVE identifier, the affected version range as recorded in this listing, the CVSS base score with its severity band, and the opening of the advisory text. Entries marked "all versions" carry no fixed-version range in this listing; their advisory text typically names only the version that was tested (for example v0.3.8), so check the advisory before treating the whole version history as affected. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-45667 · affected: < 0.8.0 · CVSS 6.5 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/mem…

CVE-2026-45666 · affected: < 0.8.11 · CVSS 6.5 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v…

CVE-2026-45665 · affected: < 0.8.0 · CVSS 8.1 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-…

CVE-2026-45365 · affected: < 0.8.11 · CVSS 5.4 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, an internal-on…

CVE-2026-45351 · affected: < 0.8.9 · CVSS 6.5 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular…

CVE-2026-45350 · affected: < 0.8.6 · CVSS 7.1 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vuln…

CVE-2026-45347 · affected: < 0.5.11 · CVSS 4.3 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.11, there is a bli…

CVE-2026-45346 · affected: < 0.6.31 · CVSS 5.4 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.31, there is a Cro…

CVE-2026-45345 · affected: < 0.5.7 · CVSS 6.5 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.7, a user can modi…

CVE-2026-45338 · affected: < 0.9.0 · CVSS 7.7 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a Server-Side R…

CVE-2026-45318 · affected: < 0.9.3 · CVSS 5.4 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, this advisory tr…

CVE-2026-45317 · affected: < 0.9.3 · CVSS 4.6 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, an application-…

CVE-2026-45316 · affected: < 0.9.3 · CVSS 3.5 (LOW)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /api/v…

CVE-2026-45315 · affected: < 0.9.3 · CVSS 8.7 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio trans…

CVE-2026-45314 · affected: < 0.9.3 · CVSS 6.1 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the channel web…

CVE-2026-45303 · affected: < 0.6.5 · CVSS 7.7 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.5, through the HTM…

CVE-2026-45301 · affected: < 0.3.16 · CVSS 8.1 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing perm…

CVE-2026-45299 · affected: < 0.8.0 · CVSS 5.4 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, the profile_ima…

CVE-2026-44571 · affected: < 0.8.6 · CVSS 6.5 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, in standard cha…

CVE-2026-44570 · affected: < 0.6.19 · CVSS 8.3 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization…

CVE-2026-45402 · affected: < 0.9.5 · CVSS 8.1 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, multiple endpoi…

CVE-2026-45395 · affected: < 0.9.5 · CVSS 7.2 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the tool update…

CVE-2026-45387 · affected: < 0.9.5 · CVSS 4.3 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, when setting mo…

CVE-2026-45386 · affected: < 0.9.5 · CVSS 4.3 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, Pin/Unpin is a…

CVE-2026-45385 · affected: < 0.9.5 · CVSS 4.3 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnera…

CVE-2026-44721 · affected: < 0.9.0 · CVSS 7.3 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a stored cross-…

CVE-2026-45675 · affected: < 0.9.0 · CVSS 8.1 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP and OAu…

CVE-2026-45671 · affected: < 0.9.0 · CVSS 8.0 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticat…

CVE-2026-45399 · affected: < 0.9.0 · CVSS 7.1 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticat…

CVE-2026-45349 · affected: < 0.9.0 · CVSS 7.1 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a user just nee…

CVE-2026-45339 · affected: < 0.9.0 · CVSS 6.5 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI allo…

CVE-2026-45331 · affected: < 0.9.0 · CVSS 8.5 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validate_url()…

CVE-2026-44568 · affected: < 0.9.0 · CVSS 4.8 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the AccountPend…

CVE-2026-44564 · affected: < 0.9.0 · CVSS 5.4 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:docume…

CVE-2026-44563 · affected: < 0.9.0 · CVSS 5.4 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /api/genera…

CVE-2026-44562 · affected: < 0.9.0 · CVSS 6.5 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v…

CVE-2026-44561 · affected: < 0.9.0 · CVSS 5.4 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the is_user_cha…

CVE-2026-44560 · affected: < 0.9.0 · CVSS 6.5 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the type: "file…

CVE-2026-44559 · affected: < 0.9.0 · CVSS 4.3 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the GET /api/v1…

CVE-2026-44558 · affected: < 0.9.0 · CVSS 5.4 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the channel rou…

CVE-2026-44557 · affected: < 0.9.0 · CVSS 4.3 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the _validate_c…

CVE-2026-44556 · affected: < 0.9.0 · CVSS 7.1 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /responses…

CVE-2026-44555 · affected: < 0.9.0 · CVSS 7.6 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI supp…

CVE-2026-44554 · affected: < 0.9.0 · CVSS 8.1 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v…

CVE-2026-44553 · affected: < 0.9.0 · CVSS 8.1 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative…

CVE-2026-44552 · affected: < 0.9.0 · CVSS 8.7 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the tool_server…

CVE-2026-44551 · affected: < 0.9.0 · CVSS 9.1 (CRITICAL)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authen…

CVE-2026-44550 · affected: < 0.9.0 · CVSS 5.0 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, FolderForm uses…

CVE-2026-34225 · affected: <= 0.7.2 · CVSS 4.3 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contai…

CVE-2026-34222 · affected: < 0.8.11 · CVSS 7.7 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, there…

CVE-2026-29071 · affected: < 0.8.6 · CVSS 3.1 (LOW)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any aut…

CVE-2026-29070 · affected: < 0.8.6 · CVSS 5.4 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an acce…

CVE-2026-28788 · affected: < 0.8.6 · CVSS 7.1 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any aut…

CVE-2026-28786 · affected: < 0.8.6 · CVSS 4.3 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsa…

CVE-2026-26193 · affected: < 0.6.44 · CVSS 7.3 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.44, a manual…

CVE-2026-26192 · affected: < 0.7.0 · CVSS 7.3 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.7.0, a manually…

CVE-2026-0767 · affected: all versions · CVSS 6.5 (MEDIUM)
Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent…

CVE-2026-0766 · affected: all versions · CVSS 8.8 (HIGH)
Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attacker…

CVE-2026-0765 · affected: all versions · CVSS 8.8 (HIGH)
Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability. This vulnerability allows r…

CVE-2025-63391 · affected: <= 0.6.32 · CVSS 7.5 (HIGH)
An authentication bypass vulnerability exists in Open-WebUI <=0.6.32 in the /api/config endpoint. The endpoint lacks proper authen…

CVE-2025-65959 · affected: < 0.6.37 · CVSS 8.7 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Stored XSS v…

CVE-2025-65958 · affected: < 0.6.37 · CVSS 8.5 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Server-Side…

CVE-2025-63681 · affected: all versions · CVSS 4.3 (MEDIUM)
open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without…

CVE-2025-64496 · affected: < 0.6.35 · CVSS 7.3 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.34 and prior cont…

CVE-2025-64495 · affected: < 0.6.35 · CVSS 8.7 (HIGH)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. In versions 0.6.34 and below, t…

CVE-2025-46719 · affected: < 0.6.6 · CVSS 5.4 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulne…

CVE-2025-46571 · affected: < 0.6.6 · CVSS 5.4 (MEDIUM)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, low pri…

CVE-2025-29446 · affected: all versions · CVSS 3.3 (LOW)
open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection.

CVE-2024-8053 · affected: all versions · CVSS 8.2 (HIGH)
In version v0.3.10 of open-webui/open-webui, the api/v1/utils/pdf endpoint lacks authentication mechanisms, allowing unauthentic…

CVE-2024-8017 · affected: <= 0.3.8 · CVSS 9.0 (CRITICAL)
An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8, specifically in the function that constructs the HTML for…

CVE-2024-7990 · affected: all versions · CVSS 8.4 (HIGH)
A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in t…

CVE-2024-7983 · affected: all versions · CVSS 7.5 (HIGH)
In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously craft…

CVE-2024-7959 · affected: all versions · CVSS 7.7 (HIGH)
The /openai/models endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attac…

CVE-2024-7806 · affected: <= 0.3.8 · CVSS 8.8 (HIGH)
A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remote code execution by non-admin users via Cross-Site Request…

CVE-2024-7053 · affected: all versions · CVSS 9.0 (CRITICAL)
A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation…

CVE-2024-7046 · affected: all versions · CVSS 4.3 (MEDIUM)
An improper access control vulnerability in open-webui/open-webui v0.3.8 allows an attacker to view admin details. The application…

CVE-2024-7045 · affected: all versions · CVSS 4.3 (MEDIUM)
In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The app…

CVE-2024-7044 · affected: all versions · CVSS 8.9 (HIGH)
A Stored Cross-Site Scripting (XSS) vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.…

CVE-2024-7043 · affected: all versions · CVSS 8.8 (HIGH)
An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The applic…

CVE-2024-7040 · affected: all versions · CVSS 4.9 (MEDIUM)
In version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. On the frontend admin page, adminis…

CVE-2024-7039 · affected: all versions · CVSS 6.7 (MEDIUM)
In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attack…

CVE-2024-7036 · affected: all versions · CVSS 7.5 (HIGH)
A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the '…

CVE-2024-7035 · affected: all versions · CVSS 6.9 (MEDIUM)
In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. T…

CVE-2024-7034 · affected: all versions · CVSS 7.2 (HIGH)
In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-…

CVE-2024-7033 · affected: all versions · CVSS 7.2 (HIGH)
In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the download_model endpoint. When deplo…

CVE-2024-12537 · affected: all versions · CVSS 7.5 (HIGH)
In version 0.3.32 of open-webui/open-webui, the absence of authentication mechanisms allows any unauthenticated attacker to access…

CVE-2024-12534 · affected: all versions · CVSS 7.5 (HIGH)
In version v0.3.32 of open-webui/open-webui, the application allows users to submit large payloads in the email and password field…

CVE-2024-7049 · affected: all versions · CVSS 5.4 (MEDIUM)
In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs…

CVE-2024-7048 · affected: all versions · CVSS 5.4 (MEDIUM)
In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/…

CVE-2024-7041 · affected: all versions · CVSS 6.5 (MEDIUM)
An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs…

CVE-2024-7037 · affected: all versions · CVSS 7.2 (HIGH)
In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete du…

CVE-2024-7038 · affected: all versions · CVSS 2.7 (LOW)
An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model up…

CVE-2024-6707 · affected: all versions · CVSS 8.8 (HIGH)
Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulner…

CVE-2024-6706 · affected: all versions · CVSS 6.1 (MEDIUM)
Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the w…

CVE-2024-30256 · affected: < 0.1.117 · CVSS 6.4 (MEDIUM)
Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vu…
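The practical question this listing answers is "which of these affect the build I am running?". The following script is an added example, not code from this listing or from the Open WebUI project: it parses the three range forms the page uses ("< X", "<= X" and "all versions"), pads version tuples so that 0.8 and 0.8.0 compare equal, and reports the affected entries for a given version with the highest CVSS score first. The entry table is a constructed subset copied from the list above; that a leading "v" is stripped (the advisories write "v0.3.8") and that "all versions" is always reported, so that the reader goes and checks the advisory, are this example's own assumptions rather than anything the listing states.

```python
"""Check an Open WebUI version against the affected-version ranges in this listing.

Added example, not part of the listing or of Open WebUI. ENTRIES is a
constructed subset of the entries above: (CVE, affected-range text, CVSS score).
"""
import re

# Constructed sample data: a subset of the entries listed above, copied verbatim.
ENTRIES = [
    ("CVE-2026-44551", "< 0.9.0", 9.1),
    ("CVE-2026-45402", "< 0.9.5", 8.1),
    ("CVE-2026-45666", "< 0.8.11", 6.5),
    ("CVE-2026-34225", "<= 0.7.2", 4.3),
    ("CVE-2025-63391", "<= 0.6.32", 7.5),
    ("CVE-2024-30256", "< 0.1.117", 6.4),
    ("CVE-2026-0766", "all versions", 8.8),
]

# The page writes ranges as "< 0.8.0", "<= 0.7.2" or "all versions".
_RANGE = re.compile(r"^(<=|<)\s*(\d+(?:\.\d+)*)$")


def parse_version(text):
    """'v0.3.8' -> (0, 3, 8). Stripping the 'v' prefix is this example's assumption."""
    text = text.strip().lstrip("v")
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_affected(version, range_text):
    """True if `version` lies inside the range expression as the listing writes it.

    'all versions' is treated as always affected (assumption: the listing has
    no fix range recorded for such entries, so the advisory must be read).
    """
    range_text = range_text.strip()
    if range_text == "all versions":
        return True
    match = _RANGE.match(range_text)
    if not match:
        raise ValueError(f"unrecognised range: {range_text!r}")
    op, bound = match.group(1), parse_version(match.group(2))
    ver = parse_version(version)
    # Pad with zeros so 0.8 and 0.8.0 compare equal instead of 0.8 sorting first.
    width = max(len(ver), len(bound))
    ver = ver + (0,) * (width - len(ver))
    bound = bound + (0,) * (width - len(bound))
    return ver < bound if op == "<" else ver <= bound


def exposure(version, entries=ENTRIES):
    """Return (CVE, range, score) for every entry affecting `version`, highest score first."""
    hits = [entry for entry in entries if is_affected(version, entry[1])]
    return sorted(hits, key=lambda entry: -entry[2])


if __name__ == "__main__":
    # Sample run against 0.8.11: reports the entries fixed only in 0.9.0 / 0.9.5
    # plus the "all versions" entry; the entry fixed in 0.8.11 itself is not reported.
    for cve, rng, score in exposure("0.8.11"):
        print(f"{cve:16} {rng:14} CVSS {score}")
```

To check against the full listing, paste the remaining (CVE, range, score) triples from above into ENTRIES. The score orders the output but does not say whether a given deployment is reachable by the attacker the advisory assumes (an unauthenticated client, a regular user, an admin, or a network-adjacent attacker), so read the access requirements in each briefing before triaging on the number alone.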
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin