All 5 CVE vulnerabilities found in Open WebUI, with AI-generated Chinese analysis, references, and POCs.
Vendor: Open WebUI
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-0767 | Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability CWE-319 | 6.5 | - | 2026-01-23 |
| CVE-2026-0766 | Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability CWE-94 | 8.8 | - | 2026-01-23 |
| CVE-2026-0765 | Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability CWE-78 | 8.8 | - | 2026-01-23 |
| CVE-2024-6707 | Open WebUI Arbitrary File Upload + Path Traversal CWE-22 | 9.8AI | CriticalAI | 2024-08-07 |
| CVE-2024-6706 | Open WebUI Stored Cross-Site Scripting CWE-79 | 6.1AI | MediumAI | 2024-08-07 |
All 5 known CVE vulnerabilities affecting Open WebUI with full Chinese analysis, references, and POCs where available.