
open-webui — Vulnerabilities & Security Advisories 115

Browse all 115 CVE security advisories affecting open-webui. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Open WebUI is a self-hosted, feature-rich web interface for interacting with large language models, typically run on a workstation or inside a private network to deploy and manage AI applications locally. Because it sits between browser clients and backend model services, and bundles file handling, RAG, OAuth login, tools and channel features on top of that bridge, it has accumulated a long record of serious issues: remote code execution (RCE), stored cross-site scripting (XSS) and broken access control. Across the 115 CVEs catalogued on this page, the recurring themes are insecure direct object references (IDOR/BOLA) that let one authenticated user read or delete another user's files, notes, prompts or calendar events; server-side request forgery (SSRF) in URL fetchers, where a redirect hop sidesteps the check applied to the initial URL; path traversal in file and proxy endpoints, including checks defeated by a sibling directory sharing the base prefix or by an encoded `..`; and stored XSS through uploaded files, profile images and rendered previews that reach the DOM unsanitized, in at least one case escalating to account takeover. Many of these flaws live in the integration layers between the UI and the model APIs rather than in the model calls themselves. Deploying Open WebUI in production therefore calls for canonicalizing and validating every user-controlled path and URL before it is used, enforcing object-level ownership checks on every read, write and delete, sanitizing anything rendered as HTML, and tracking the advisories below, particularly given the sensitivity of the chat and document data the application handles.

Product: open-webui (open-webui/open-webui). All rows below affect this product; "--" means no CVSS score or severity has been published for the entry.

CVE ID | Title | CWE | CVSS | Severity | Published
CVE-2026-54007 | Cross-origin postMessage confirmation bypass via action:submit | CWE-346 | -- | -- | 2026-06-23
CVE-2026-54006 | Calendar event re-parenting allows writing events into another user's calendar | CWE-639 | 4.3 | Medium | 2026-06-23
CVE-2026-54008 | Redirect-Bypass SSRF in OAuth `_process_picture_url` | CWE-918 | 8.5 | High | 2026-06-23
CVE-2026-54009 | Cross-user file disclosure via /api/chat/completions image_url field | CWE-639 | 6.5 | Medium | 2026-06-23
CVE-2026-54010 | Forged chat-file link allows cross-user file read and deletion | CWE-284 | 8.3 | High | 2026-06-23
CVE-2026-54011 | Stored XSS in Mermaid Markdown Preview | CWE-79 | 8.7 | High | 2026-06-23
CVE-2026-54012 | Forged model meta.knowledge allows cross-user file read and deletion | CWE-284 | 7.1 | High | 2026-06-23
CVE-2026-54013 | Stored XSS to Account Takeover via Model Profile Images | CWE-79 | 7.6 | High | 2026-06-23
CVE-2026-54014 | Sibling-Prefix Path Traversal via /cache/{path} | CWE-22 | 4.3 | Medium | 2026-06-23
CVE-2026-54015 | Prompt history IDOR: unbound history_id allows cross-prompt read and deletion | CWE-284 | 6.4 | Medium | 2026-06-23
CVE-2026-54016 | BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base File Enumeration | CWE-639 | 4.3 | Medium | 2026-06-23
CVE-2026-54018 | SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects | CWE-918 | 7.7 | High | 2026-06-23
CVE-2026-54019 | RAG ACL Bypass in Milvus Multitenancy Mode | CWE-862 | 6.5 | Medium | 2026-06-23
CVE-2026-54021 | Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter | CWE-863 | 6.3 | Medium | 2026-06-23
CVE-2026-54022 | Any authenticated user can read other users' private notes via Socket.IO | CWE-706 | 5.3 | Medium | 2026-06-23
CVE-2026-54017 | Path traversal / SSRF in terminal server proxy via encoded path traversal | CWE-22 | 7.7 | High | 2026-06-18
CVE-2026-45338 | SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py) | CWE-918 | 7.7 | High | 2026-05-15
CVE-2026-44549 | Stored XSS in Excel file preview | CWE-79 | 7.3 | High | 2026-05-15
CVE-2026-45299 | Stored Cross-Site Scripting in Profile Picture | CWE-79 | 5.4 | Medium | 2026-05-15
CVE-2026-45665 | Stored XSS in Banner Component via Improper Sanitization Order | CWE-79 | 8.1 | High | 2026-05-15
CVE-2026-45667 | Unauthenticated endpoint can trigger embedding generation (cost/DoS) | CWE-862 | 6.5 | Medium | 2026-05-15
CVE-2026-44565 | Arbitrary File Write/Delete via Path Traversal | CWE-22 | 8.1 | High | 2026-05-15
CVE-2026-45314 | XSS via SVG in /api/v1/channels/webhooks/{webhook_id}/profile/image | CWE-87 | -- | -- | 2026-05-15
CVE-2026-45316 | Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access) | CWE-863 | 3.5 | Low | 2026-05-15
CVE-2026-45317 | Cross-Site Request Forgery (CSRF) via Image URL Manipulation | CWE-20 | 4.6 | Medium | 2026-05-15
CVE-2026-45318 | Stored XSS via unsanitized Office/Excel/DOCX file preview rendering ({@html} without DOMPurify) | CWE-79 | 5.4 | Medium | 2026-05-15
CVE-2026-45315 | Stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions | CWE-79 | 8.7 | High | 2026-05-15
CVE-2026-44571 | Improper Authorization in Standard Channels Allows Message Updates with Read Permission | CWE-862 | 6.5 | Medium | 2026-05-15
CVE-2026-45350 | Chat completion API allows tool restrictions to be bypassed | CWE-862 | 7.1 | High | 2026-05-15
CVE-2026-45303 | Stored XSS via the HTML rendering view | CWE-79 | 7.7 | High | 2026-05-15
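Two bug classes recur in the titles above: a path containment check defeated by a sibling directory that shares the base prefix or by an encoded `..` (the /cache/{path} and terminal-proxy traversals), and an SSRF filter that is applied to the initial URL but not to the Location header of a redirect (the OAuth picture and Playwright loader bypasses). The block below is an added example written for this page, not code from Open WebUI or from any of the advisories; it shows the weak check beside a hardened one for each class. The cache directory, the stand-in DNS table, the redirect chain and every function name are constructed assumptions for the demo; real code must additionally resolve symlinks with os.path.realpath and resolve DNS itself, bearing in mind that a rebinding resolver can answer differently at connect time.

```python
"""Hardened path-containment and redirect-aware SSRF checks (added example;
not Open WebUI's code). All names, paths and network data are assumptions."""
import ipaddress
import posixpath
from typing import Callable, List, Optional
from urllib.parse import unquote, urljoin, urlsplit

CACHE_DIR = "/app/backend/data/cache"  # assumed layout, not the project's real one


def weak_cache_path(user_path: str, base: str = CACHE_DIR) -> Optional[str]:
    """Vulnerable pattern: a bare string-prefix test. '<base>-evil/x' starts
    with the same characters as <base>, so it is accepted."""
    norm = posixpath.normpath(posixpath.join(base, user_path))
    return norm if norm.startswith(base) else None


def safe_cache_path(user_path: str, base: str = CACHE_DIR) -> Optional[str]:
    """Lexical containment that holds against '..', a sibling directory sharing
    the base prefix, and single- or double-encoded dots. Serving real files also
    needs os.path.realpath() on both sides so a symlink inside base cannot escape."""
    decoded = unquote(user_path)
    if unquote(decoded) != decoded:  # still encoded after one pass: refuse double encoding
        return None
    if "\x00" in decoded or decoded.startswith("/"):
        return None  # NUL bytes and absolute paths have no legitimate use here
    norm = posixpath.normpath(posixpath.join(base, decoded))
    if norm != base and not norm.startswith(base + "/"):  # boundary-aware prefix
        return None
    return norm


# Constructed stand-in for DNS. Real code resolves every A/AAAA record itself.
FAKE_DNS = {
    "avatars.example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
}


def ip_is_public(ip) -> bool:
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def url_is_safe(url: str,
                resolve: Callable[[str], Optional[List[str]]] = FAKE_DNS.get) -> bool:
    """Allow only http(s) to hosts whose every address is publicly routable;
    IP literals (including [::1]) are checked directly, unknown names fail closed."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        addrs = [ipaddress.ip_address(parts.hostname)]
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in (resolve(parts.hostname) or [])]
    return bool(addrs) and all(ip_is_public(ip) for ip in addrs)


# Constructed redirect chain: a harmless-looking first hop whose Location header
# points at the cloud metadata service. fetch(url) -> (status, Location or None).
FAKE_SERVER = {
    "https://avatars.example.com/u/42.png": (302, "http://169.254.169.254/latest/meta-data/"),
    "http://169.254.169.254/latest/meta-data/": (200, None),
}


def fake_fetch(url: str):
    return FAKE_SERVER.get(url, (404, None))


def fetch_final_url(url: str, fetch=fake_fetch, max_hops: int = 5,
                    validate_each_hop: bool = True) -> Optional[str]:
    """Follow redirects by hand so the SSRF check runs on every hop. Returns the
    final URL, or None when a hop is blocked. validate_each_hop=False reproduces
    the bypass: only the first URL is ever checked."""
    for hop in range(max_hops + 1):
        if (hop == 0 or validate_each_hop) and not url_is_safe(url):
            return None
        status, location = fetch(url)
        if status in (301, 302, 303, 307, 308) and location:
            url = urljoin(url, location)  # relative Location headers resolve against the hop
            continue
        return url
    raise ValueError("too many redirects")


if __name__ == "__main__":
    print(weak_cache_path("../cache-evil/secret"), safe_cache_path("../cache-evil/secret"))
    start = "https://avatars.example.com/u/42.png"
    print(fetch_final_url(start, validate_each_hop=False), fetch_final_url(start))
```

The path check deliberately stays lexical so it runs offline; the two things it does that the weak version does not are decoding once (and refusing input that is still encoded afterwards) and testing the prefix on a directory boundary rather than on raw characters. The redirect follower disables the HTTP client's automatic redirects in spirit: every Location is joined against the current hop and re-validated before it is fetched, which is the step the redirect-bypass advisories describe as missing.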

This page lists every published CVE security advisory associated with open-webui. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.