Browse all 5 CVE security advisories affecting Open WebUI. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-0767 | Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability — Open WebUICWE-319 | 6.5 | - | 2026-01-23 |
| CVE-2026-0766 | Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability — Open WebUICWE-94 | 8.8 | - | 2026-01-23 |
| CVE-2026-0765 | Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability — Open WebUICWE-78 | 8.8 | - | 2026-01-23 |
| CVE-2024-6707 | Open WebUI Arbitrary File Upload + Path Traversal — Open WebUICWE-22 | 9.8AI | CriticalAI | 2024-08-07 |
| CVE-2024-6706 | Open WebUI Stored Cross-Site Scripting — Open WebUICWE-79 | 6.1AI | MediumAI | 2024-08-07 |
This page lists every published CVE security advisory associated with Open WebUI. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.