
open-webui — Vulnerabilities & Security Advisories (115)

Browse all 115 CVE security advisories affecting open-webui. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Open WebUI is a self-hosted, feature-rich web interface for interacting with large language models, typically deployed locally or inside a private network as a front end to backend model services such as Ollama. Because it sits between browser clients and those backends, and additionally stores chats, uploaded files, knowledge bases, channels, and user-authored prompts and functions, its attack surface is broad. The advisories listed below cluster into a few recurring classes: missing or incorrect authorization checks (CWE-862/863) and insecure direct object references (CWE-639) on files, knowledge bases, channels, models, memories and background tasks; stored cross-site scripting (CWE-79) in rendered markdown, citations, notes, prompts and uploaded HTML, several of which the advisories rate as leading to account takeover and, through the functions feature, remote code execution; server-side request forgery (CWE-918) in the web search, web retrieval and image-edit features; and individual path-traversal, code-injection and privilege-assignment issues such as the first-user race that yields multiple admin accounts. The lessons for a production deployment are the ones these advisories keep repeating: every object access must be authorized against the caller and the requested operation (read versus write, active versus deactivated membership), model output and uploaded content must be treated as hostile before it is rendered, and any server-side fetch of a user-supplied URL needs an egress policy.
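Most entries in the list below are missing or incorrect authorization checks on user-owned objects (CWE-639/862/863). The following Python block is an added example, not code from the open-webui project: it contrasts a handler that only checks that an object id exists with one that authorizes the caller for the specific operation, covering the read-versus-write and deactivated-member edge cases the advisories describe. All names in it (User, FileRecord, FileStore, AccessDenied, has_access, demo) and the scenario data are hypothetical.

```python
"""Added example (not open-webui code): ownership and access-grant checks.

Models the CWE-639/862/863 shape that recurs in the advisories: a handler
trusts the object id in the request and never asks whether the caller may
perform *this* operation on it. Shown beside the hardened form.
"""
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """Raised for 'does not exist' and 'not permitted' alike, so the error
    cannot be used to enumerate which ids exist."""


@dataclass(frozen=True)
class User:
    id: str
    role: str = "user"              # "admin" or "user"
    groups: frozenset = frozenset()
    active: bool = True             # a deactivated member loses access at once


@dataclass
class FileRecord:
    id: str
    owner_id: str
    data: bytes = b""
    # grants keyed by access type, e.g. {"read": {"group_ids": ["g1"]}}
    access_control: dict = field(default_factory=dict)


def has_access(user: User, record: FileRecord, access_type: str) -> bool:
    """True only if `user` may perform `access_type` ("read"/"write") on `record`.

    Deactivated accounts get nothing; admins and the owner get everything;
    anyone else needs a grant for the *requested* type that names them or one
    of their groups. A read grant never implies write.
    """
    if not user.active:
        return False
    if user.role == "admin" or record.owner_id == user.id:
        return True
    grant = record.access_control.get(access_type, {})
    if user.id in grant.get("user_ids", ()):
        return True
    return bool(user.groups & set(grant.get("group_ids", ())))


class FileStore:
    def __init__(self) -> None:
        self._files: dict[str, FileRecord] = {}

    def add(self, record: FileRecord) -> None:
        self._files[record.id] = record

    # Vulnerable shape: existence of the id is the only check, so any
    # authenticated user can delete any file id they can guess or enumerate.
    def delete_file_vulnerable(self, user: User, file_id: str) -> bool:
        if file_id not in self._files:
            return False
        del self._files[file_id]
        return True

    # Hardened shape: load, authorize for this operation, then act.
    def _authorized(self, user: User, file_id: str, access_type: str) -> FileRecord:
        record = self._files.get(file_id)
        if record is None or not has_access(user, record, access_type):
            raise AccessDenied(file_id)     # same error for missing and forbidden
        return record

    def read_file(self, user: User, file_id: str) -> bytes:
        return self._authorized(user, file_id, "read").data

    def delete_file(self, user: User, file_id: str) -> bool:
        self._authorized(user, file_id, "write")
        del self._files[file_id]
        return True


def demo() -> dict:
    """Constructed scenario: alice owns f1 and shares it read-only with group g1."""
    store = FileStore()
    store.add(FileRecord("f1", owner_id="alice", data=b"secret",
                         access_control={"read": {"group_ids": ["g1"]}}))
    bob = User("bob", groups=frozenset({"g1"}))                     # group member
    mallory = User("mallory")                                       # unrelated user
    carol = User("carol", groups=frozenset({"g1"}), active=False)   # deactivated member
    out = {"bob_reads": store.read_file(bob, "f1") == b"secret"}
    for name, who, op in (("bob_deletes", bob, store.delete_file),
                          ("mallory_deletes", mallory, store.delete_file),
                          ("carol_deletes", carol, store.delete_file),
                          ("carol_reads", carol, store.read_file)):
        try:
            op(who, "f1")
            out[name] = True
        except AccessDenied:
            out[name] = False
    # the vulnerable handler lets mallory delete alice's file outright
    out["vulnerable_mallory_deletes"] = store.delete_file_vulnerable(mallory, "f1")
    return out
```

The design point is that authorization is decided in one place from three inputs (caller, object, operation) and that the caller is never told whether an id it was refused actually exists; a shared-resource check that keys only on "can this user see the object" would still let a read-only collaborator delete or overwrite it.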

Affected products: open-webui, open-webui/open-webui
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-44557 | Open WebUI: Global Knowledge Base Enumeration via knowledge-bases Meta-Collection | open-webui | CWE-863 | 4.3 | Medium | 2026-05-15 |
| CVE-2026-44558 | Open WebUI: Channel Access Grants Bypass filter_allowed_access_grants | open-webui | CWE-862 | 5.4 | Medium | 2026-05-15 |
| CVE-2026-44559 | Open WebUI: Missing Access Check on Channel Members Endpoint for Standard Channels | open-webui | CWE-862 | 4.3 | Medium | 2026-05-15 |
| CVE-2026-44560 | Open WebUI: Unauthorized File and Knowledge Base Content Access via RAG Vector Search | open-webui | CWE-862 | 6.5 | Medium | 2026-05-15 |
| CVE-2026-44561 | Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels | open-webui | CWE-863 | 5.4 | Medium | 2026-05-15 |
| CVE-2026-44562 | Open WebUI: Model Import Overwrites Any Model Without Ownership Check | open-webui | CWE-862 | 6.5 | Medium | 2026-05-15 |
| CVE-2026-44563 | Open WebUI: Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show | open-webui | CWE-862 | 5.4 | Medium | 2026-05-15 |
| CVE-2026-44564 | Open WebUI: Read-Only Users Can Modify Collaborative Documents via Socket.IO | open-webui | CWE-863 | 5.4 | Medium | 2026-05-15 |
| CVE-2026-44568 | Open WebUI: Stored XSS in Pending User Overlay via Incorrect DOMPurify Application Order | open-webui | CWE-79 | 4.8 | Medium | 2026-05-15 |
| CVE-2026-45331 | Open WebUI: Full SSRF Vulnerability in the RAG Web Search Feature | open-webui | CWE-918 | 8.5 | High | 2026-05-15 |
| CVE-2026-45339 | Open WebUI: API key endpoint restrictions bypassed via `x-api-key` header, full message processing on restricted endpoints | open-webui | CWE-863 | 6.5 | Medium | 2026-05-15 |
| CVE-2026-45349 | Open WebUI: Broken Access Control for Completions API | open-webui | CWE-639 | 7.1 | High | 2026-05-15 |
| CVE-2026-45399 | Open WebUI: Low-privilege authenticated users can enumerate and stop global background tasks, causing system-wide chat disruption | open-webui | CWE-862 | 7.1 | High | 2026-05-15 |
| CVE-2026-45671 | Open WebUI: shared-chat branch ignores access_type, allowing unauthorized file deletion | open-webui | CWE-639 | 8.0 | High | 2026-05-15 |
| CVE-2026-45675 | Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts | open-webui | CWE-269 | 8.1 | High | 2026-05-15 |
| CVE-2026-34225 | Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality | open-webui | CWE-918 | 4.3 | Medium | 2026-04-14 |
| CVE-2026-34222 | Open WebUI has Broken Access Control in Tool Valves | open-webui | CWE-285 | 7.7 | High | 2026-04-01 |
| CVE-2026-29071 | Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories | open-webui | CWE-639 | 3.1 | Low | 2026-03-26 |
| CVE-2026-29070 | Open WebUI has unauthorized deletion of knowledge files | open-webui | CWE-862 | 5.4 | Medium | 2026-03-26 |
| CVE-2026-28788 | Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite | open-webui | CWE-639 | 7.1 | High | 2026-03-26 |
| CVE-2026-28786 | Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions` | open-webui | CWE-22 | 4.3 | Medium | 2026-03-26 |
| CVE-2026-26193 | Open WebUI vulnerable to Stored XSS via iFrame embeds in response messages | open-webui | CWE-79 | 7.3 | High | 2026-02-19 |
| CVE-2026-26192 | Open WebUI vulnerable to Stored XSS via iFrame in citations model | open-webui | CWE-79 | 7.3 | High | 2026-02-19 |
| CVE-2025-65959 | Open WebUI vulnerable to Stored DOM XSS via Note 'Download PDF' | open-webui | CWE-79 | 8.7 | High | 2025-12-04 |
| CVE-2025-65958 | Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web | open-webui | CWE-918 | 8.5 | High | 2025-12-04 |
| CVE-2025-64496 | Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events | open-webui | CWE-95 | 7.3 | High | 2025-11-08 |
| CVE-2025-64495 | Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE | open-webui | CWE-79 | 8.7 | High | 2025-11-08 |
| CVE-2025-46719 | Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions | open-webui | CWE-79 | 8.2 (AI) | High (AI) | 2025-05-05 |
| CVE-2025-46571 | Open WebUI vulnerable to limited stored XSS via uploaded HTML file | open-webui | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-05-05 |
| CVE-2024-8017 | Cross-site Scripting (XSS) in open-webui/open-webui | open-webui/open-webui | CWE-79 | 5.4 | - | 2025-03-20 |

Values marked (AI) are the ones the page labels as AI-generated rather than taken from the advisory; "-" means the page gives no severity.
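Three of the entries above are server-side request forgery (CVE-2026-45331, CVE-2025-65958 and CVE-2026-34225): a feature that fetches a user-supplied URL can be pointed at loopback, link-local or internal addresses. The block below is an added example, not the project's own code, of the egress check such a feature needs. validate_fetch_url, UnsafeURL, check, demo_resolver and every hostname and address in the demo table are constructed for this example; only the standard-library ipaddress, socket and urllib.parse calls are real.

```python
"""Added example (not open-webui code): egress guard for server-side fetches."""
import ipaddress
import socket
from urllib.parse import urlsplit


class UnsafeURL(ValueError):
    pass


def default_resolve(host: str) -> list[str]:
    """Resolve via the OS resolver; returns every address the host maps to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _is_public(ip) -> bool:
    """Globally routable unicast only. is_global already excludes loopback,
    RFC 1918, link-local (the 169.254/16 cloud-metadata range), ULA, shared
    address space and the reserved/test ranges."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped            # ::ffff:127.0.0.1 must count as loopback
    return ip.is_global and not ip.is_multicast


def validate_fetch_url(url: str, resolve=default_resolve) -> tuple[str, str]:
    """Return (url, pinned_ip) if the URL may be fetched, else raise UnsafeURL.

    Rejects non-http(s) schemes, embedded credentials, localhost aliases,
    literal non-public addresses, and hostnames whose resolution contains
    *any* non-public address (a rebinding attacker can mix answers). The
    caller should connect to pinned_ip and keep the original Host header so
    the address that was checked is the address that is used.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise UnsafeURL("credentials in URL")
    host = parts.hostname
    if not host:
        raise UnsafeURL("missing host")
    try:
        addrs = [ipaddress.ip_address(host)]          # literal IPv4/IPv6
    except ValueError:
        h = host.rstrip(".").lower()
        if h == "localhost" or h.endswith(".localhost"):
            raise UnsafeURL("localhost alias")
        try:
            # Decimal/octal/hex spellings such as 2130706433 are not parsed by
            # ip_address but are resolved by the OS; they land here and are
            # caught by the address check below.
            addrs = [ipaddress.ip_address(a) for a in resolve(host)]
        except (socket.gaierror, ValueError) as exc:
            raise UnsafeURL(f"cannot resolve {host!r}") from exc
        if not addrs:
            raise UnsafeURL(f"no addresses for {host!r}")
    bad = [str(a) for a in addrs if not _is_public(a)]
    if bad:
        raise UnsafeURL(f"{host!r} maps to non-public address(es): {bad}")
    return url, str(addrs[0])


def demo_resolver(host: str) -> list[str]:
    """Constructed DNS answers so the demo runs offline."""
    table = {
        "docs.example": ["93.184.216.34"],
        "metadata.internal": ["169.254.169.254"],
        "rebind.attacker.test": ["93.184.216.34", "127.0.0.1"],   # mixed answer
    }
    if host not in table:
        raise socket.gaierror(f"no such host: {host}")
    return table[host]


def check(url: str) -> bool:
    """True if the guard (with the demo resolver) accepts the URL."""
    try:
        validate_fetch_url(url, resolve=demo_resolver)
        return True
    except UnsafeURL:
        return False
```

Two caveats a practitioner will want: every redirect hop must go back through the guard, since a public host can 302 to an internal address, and a blind SSRF (the image-edit entry) is still an SSRF, so the check applies even where the response body is never returned to the user.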

This page lists every published CVE security advisory associated with open-webui. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.