| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-34225 | Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality | open-webui | open-webui | Medium | 4.3 | 2026-04-14 01:39:07 | Deep Dive |
| CVE-2026-34222 | Open WebUI has Broken Access Control in Tool Valves | open-webui | open-webui | High | 7.7 | 2026-04-01 17:02:22 | Deep Dive |
| CVE-2026-29071 | Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories | open-webui | open-webui | Low | 3.1 | 2026-03-26 23:54:38 | Deep Dive |
| CVE-2026-29070 | Open WebUI has unauthorized deletion of knowledge files | open-webui | open-webui | Medium | 5.4 | 2026-03-26 23:39:33 | Deep Dive |
| CVE-2026-28788 | Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite | open-webui | open-webui | High | 7.1 | 2026-03-26 23:38:21 | Deep Dive |
| CVE-2026-28786 | Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions` | open-webui | open-webui | Medium | 4.3 | 2026-03-26 23:37:26 | Deep Dive |
| CVE-2025-15603 | open-webui JWT Key start_windows.bat random values | - | open-webui | Low | 3.7 | 2026-03-09 20:32:06 | Deep Dive |
| CVE-2026-26193 | Open WebUI vulnerable to Stored XSS via iFrame embeds in response messages | open-webui | open-webui | High | 7.3 | 2026-02-19 19:15:03 | Deep Dive |
| CVE-2026-26192 | Open WebUI vulnerable to Stored XSS via iFrame in citations model | open-webui | open-webui | High | 7.3 | 2026-02-19 19:10:52 | Deep Dive |
| CVE-2026-0767 | Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability | Open WebUI | Open WebUI | Medium | - | 2026-01-23 03:28:40 | Deep Dive |
| CVE-2026-0766 | Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability | Open WebUI | Open WebUI | High | - | 2026-01-23 03:28:36 | Deep Dive |
| CVE-2026-0765 | Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability | Open WebUI | Open WebUI | High | - | 2026-01-23 03:28:32 | Deep Dive |
| CVE-2025-65959 | Open WebUI vulnerable to Stored DOM XSS via Note 'Download PDF' | open-webui | open-webui | High | 8.7 | 2025-12-04 20:46:37 | Deep Dive |
| CVE-2025-65958 | Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web | open-webui | open-webui | High | 8.5 | 2025-12-04 19:55:13 | Deep Dive |
| CVE-2025-64496 | Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events | open-webui | open-webui | High | 7.3 | 2025-11-08 01:29:03 | Deep Dive |
| CVE-2025-64495 | Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE | open-webui | open-webui | High | 8.7 | 2025-11-08 01:25:49 | Deep Dive |
| CVE-2025-46719 | Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions | open-webui | open-webui | - | - | 2025-05-05 18:50:57 | Deep Dive |
| CVE-2025-46571 | Open WebUI vulnerable to limited stored XSS via uploaded html file | open-webui | open-webui | - | - | 2025-05-05 18:45:30 | Deep Dive |
| CVE-2024-8017 | Cross-site Scripting (XSS) in open-webui/open-webui | open-webui | open-webui/open-webui | Critical | - | 2025-03-20 10:11:31 | Deep Dive |
| CVE-2024-7053 | Session Fixation in open-webui/open-webui | open-webui | open-webui/open-webui | High | - | 2025-03-20 10:11:16 | Deep Dive |