Browse all 5 CVE security advisories affecting Open WebUI. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Open WebUI serves as a web-based interface for interacting with large language models, primarily functioning as a user-friendly frontend for Ollama. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with five CVEs currently documented. The application's security posture has been impacted by issues such as insufficient input validation and improper access controls, though no major public security incidents have been widely reported. Its open-source nature allows for community scrutiny, but users should remain vigilant about potential exploits and maintain regular updates to mitigate risks associated with its web interface components.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-0767 | Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability — Open WebUI (CWE-319) | 6.5 | - | 2026-01-23 |
| CVE-2026-0766 | Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability — Open WebUI (CWE-94) | 8.8 | - | 2026-01-23 |
| CVE-2026-0765 | Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability — Open WebUI (CWE-78) | 8.8 | - | 2026-01-23 |
| CVE-2024-6707 | Open WebUI Arbitrary File Upload + Path Traversal — Open WebUI (CWE-22) | 9.8 (AI) | Critical (AI) | 2024-08-07 |
| CVE-2024-6706 | Open WebUI Stored Cross-Site Scripting — Open WebUI (CWE-79) | 6.1 (AI) | Medium (AI) | 2024-08-07 |
This page lists every published CVE security advisory associated with Open WebUI. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.