
open-webui — Vulnerabilities & Security Advisories (100)

Browse all 100 CVE security advisories affecting open-webui. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Open WebUI is a self-hosted, feature-rich web interface for interacting with large language models, typically deployed on a workstation or private network to run and manage AI applications. It sits between browser clients and backend model services, and that bridging role has repeatedly exposed it to serious vulnerabilities: remote code execution (RCE), cross-site scripting (XSS), server-side request forgery (SSRF) and broken access control. Across the 100 advisories recorded here, the most common patterns are missing or inconsistent authorization checks on per-user resources (insecure direct object references in files, notes, memories and models) and insufficient validation of attacker-controlled input at the boundary between the UI and the model APIs. Recent entries show the same two weaknesses from other angles: path traversal in file upload, write and delete routines; SSRF filters that can be bypassed through encoding or HTTP redirects; stored XSS in file previews and SVG rendering; and one advisory in which code execution stays reachable even with the feature gate switched off. Deployments that handle sensitive conversations should therefore treat rigorous input validation, outbound-request filtering and strict per-object permission checks as baseline requirements, and keep the software current.

Product: open-webui (open-webui/open-webui), all rows.

CVE ID | Title | CWE | CVSS | Severity | Published
CVE-2026-54017 | Path traversal / SSRF in terminal server proxy via encoded path traversal | CWE-22 | 7.7 | High | 2026-06-18
CVE-2026-45338 | SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py) | CWE-918 | 7.7 | High | 2026-05-15
CVE-2026-44549 | Stored XSS in Excel file preview | CWE-79 | 7.3 | High | 2026-05-15
CVE-2026-45299 | Stored Cross-Site Scripting in Profile Picture | CWE-79 | 5.4 | Medium | 2026-05-15
CVE-2026-45665 | Stored XSS in Banner Component via Improper Sanitization Order | CWE-79 | 8.1 | High | 2026-05-15
CVE-2026-45667 | Unauthenticated endpoint can trigger embedding generation (cost/DoS) | CWE-862 | 6.5 | Medium | 2026-05-15
CVE-2026-44565 | Arbitrary File Write and Delete via Path Traversal | CWE-22 | 8.1 | High | 2026-05-15
CVE-2026-45314 | XSS via SVG in /api/v1/channels/webhooks/{webhook_id}/profile/image | CWE-87 | - | - | 2026-05-15
CVE-2026-45316 | Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access) | CWE-863 | 3.5 | Low | 2026-05-15
CVE-2026-45317 | Cross-Site Request Forgery (CSRF) via Image URL Manipulation | CWE-20 | 4.6 | Medium | 2026-05-15
CVE-2026-45318 | Stored XSS via unsanitized Office/Excel/DOCX file preview rendering ({@html} without DOMPurify) | CWE-79 | 5.4 | Medium | 2026-05-15
CVE-2026-45315 | Stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions | CWE-79 | 8.7 | High | 2026-05-15
CVE-2026-44571 | Improper Authorization in Standard Channels Allows Message Updates with Read Permission | CWE-862 | 6.5 | Medium | 2026-05-15
CVE-2026-45350 | Chat completion API allows tool restrictions to be bypassed | CWE-862 | 7.1 | High | 2026-05-15
CVE-2026-45303 | Stored XSS via the HTML rendering view | CWE-79 | 7.7 | High | 2026-05-15
CVE-2026-45301 | Missing permission check in files API allows authenticated users to list, access and delete every uploaded file | CWE-284 | 8.1 | High | 2026-05-15
CVE-2026-45345 | Missing authorization check in the model update function: models owned by other users can be updated | CWE-285 | 6.5 | Medium | 2026-05-15
CVE-2026-45346 | Stored Cross-Site Scripting in SVG Renderer | CWE-80 | - | - | 2026-05-15
CVE-2026-45347 | Blind server-side request forgery (SSRF) via the PDF generate function | CWE-918 | 4.3 | Medium | 2026-05-15
CVE-2026-45351 | Exposure of System Prompt to Regular (Non-Admin) User | CWE-200 | 6.5 | Medium | 2026-05-15
CVE-2026-45666 | Insecure Direct Object Reference (IDOR) in user notes | CWE-639 | 6.5 | Medium | 2026-05-15
CVE-2026-45365 | Authenticated users can bypass model access control via exposed query parameter | CWE-285 | 5.4 | Medium | 2026-05-15
CVE-2026-44570 | Inconsistent authorization controls within memories API | CWE-639 | 8.3 | High | 2026-05-15
CVE-2026-44569 | Insecure Message Access Breaks Authorization | CWE-862 | 7.1 | High | 2026-05-15
CVE-2026-44566 | Arbitrary File Upload and Path Traversal | CWE-22 | 7.3 | High | 2026-05-15
CVE-2026-44567 | Improper Authorization Control | CWE-863 | 7.3 | High | 2026-05-15
CVE-2026-45672 | Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` (feature gate bypassed) | CWE-863 | 8.8 | High | 2026-05-15
CVE-2026-45400 | Server-Side Request Forgery (SSRF) bypass in `validate_url` | CWE-918 | 8.5 | High | 2026-05-15
CVE-2026-45402 | Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints | CWE-639 | 8.1 | High | 2026-05-15
CVE-2026-45401 | SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints | CWE-918 | 8.5 | High | 2026-05-15
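Two weakness classes recur in the table above: path traversal through encoded or double-encoded file names (CVE-2026-54017, CVE-2026-44565, CVE-2026-44566) and SSRF filters bypassed by encoding or by a redirect to an internal address (CVE-2026-45400, CVE-2026-45401). The block below is an added example written for this page; it is not open-webui code and does not claim to mirror how the project's `validate_url` or upload handlers work. It shows the two checks a practitioner would want: confining a user-supplied file name to an upload root after decoding it to a fixed point, and validating outbound URLs hop by hop so a redirect cannot reach loopback, RFC 1918 or the 169.254.169.254 metadata address. Host names, IPs, `fake_resolver`, `fake_fetch` and `FAKE_SITE` are constructed for the demo so it runs offline; the Python backend is assumed because the advisories name `oauth.py` and `validate_url`.

```python
"""Added example, not open-webui code: path confinement for uploads and
hop-by-hop SSRF validation for outbound fetches. All hosts, addresses and
the fake site below are constructed for the demo (no network needed)."""
import ipaddress
import socket
from pathlib import Path
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import unquote, urljoin, urlsplit


def safe_join(base_dir: str, user_path: str) -> Optional[Path]:
    """Return base_dir/user_path if it stays inside base_dir, else None.

    Percent-decoding repeats until it reaches a fixed point, so a
    double-encoded '%252e%252e/' is caught as well as '..%2f'. Absolute
    paths, empty names and NUL bytes are rejected outright; the rest is
    resolved (symlinks included) and must still sit under base_dir.
    """
    base = Path(base_dir).resolve()
    decoded = user_path
    for _ in range(3):                       # bounded loop: stop at fixed point
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if not decoded or "\x00" in decoded or decoded.startswith(("/", "\\")):
        return None
    candidate = (base / decoded).resolve()   # strict=False: target may not exist yet
    try:
        candidate.relative_to(base)
    except ValueError:                       # escaped the upload root
        return None
    return None if candidate == base else candidate


Resolver = Callable[..., List[tuple]]        # same call shape as socket.getaddrinfo


def url_target_is_public(url: str, resolver: Resolver = socket.getaddrinfo) -> bool:
    """True only for http(s) URLs whose host resolves exclusively to globally
    routable addresses. Loopback, RFC 1918, link-local (169.254.169.254, the
    cloud metadata service) and ::1 all fail, as do unresolvable hosts."""
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:                       # malformed host or port
        return False
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        infos = resolver(parts.hostname, port, proto=socket.IPPROTO_TCP)
        addrs = {ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos}
    except (OSError, ValueError):            # socket.gaierror is an OSError
        return False
    return bool(addrs) and all(a.is_global for a in addrs)


Fetcher = Callable[[str], Tuple[int, Dict[str, str], bytes]]


def fetch_with_checked_redirects(url: str, fetch: Fetcher,
                                 resolver: Resolver = socket.getaddrinfo,
                                 max_hops: int = 3) -> Tuple[str, bytes]:
    """Follow redirects by hand so EVERY hop passes url_target_is_public.
    `fetch` must not follow redirects itself (allow_redirects=False in
    requests terms) and returns (status, lower-cased headers, body)."""
    current = url
    for _ in range(max_hops + 1):
        if not url_target_is_public(current, resolver):
            raise ValueError(f"blocked outbound request to {current}")
        status, headers, body = fetch(current)
        if status in (301, 302, 303, 307, 308) and "location" in headers:
            current = urljoin(current, headers["location"])
            continue
        return current, body
    raise ValueError("too many redirects")


# --- constructed demo environment ---------------------------------------
FAKE_DNS = {"files.example.test": ["8.8.8.8"],             # a public address
            "metadata.example.test": ["169.254.169.254"]}   # cloud metadata


def fake_resolver(host, port, **_):
    """getaddrinfo stand-in: IP literals pass through, names use FAKE_DNS."""
    try:
        ips = [str(ipaddress.ip_address(host))]
    except ValueError:
        if host not in FAKE_DNS:
            raise socket.gaierror(f"unknown host {host}")
        ips = FAKE_DNS[host]
    return [(socket.AF_INET6 if ":" in ip else socket.AF_INET,
             socket.SOCK_STREAM, socket.IPPROTO_TCP, "", (ip, port)) for ip in ips]


FAKE_SITE = {
    "http://files.example.test/report.pdf": (200, {}, b"%PDF-1.4 demo"),
    # an open redirect on the public host that points at the metadata service
    "http://files.example.test/old": (302, {"location": "http://metadata.example.test/latest/"}, b""),
    "http://metadata.example.test/latest/": (200, {}, b"would-be-secret"),
}


def fake_fetch(url):
    return FAKE_SITE[url]


if __name__ == "__main__":
    print(safe_join("/srv/uploads", "%252e%252e/%252e%252e/etc/passwd"))   # None
    print(url_target_is_public("http://127.0.0.1:8080/", fake_resolver))   # False
    try:
        fetch_with_checked_redirects("http://files.example.test/old", fake_fetch, fake_resolver)
    except ValueError as exc:
        print(exc)   # blocked outbound request to http://metadata.example.test/latest/
```

Two caveats. The resolve-then-check pattern is only as good as the layer that performs the final decode: if a reverse proxy or framework decodes once more after this check, canonicalize at that layer instead. And a DNS answer checked here can change before the socket connects (rebinding), so a production fetcher should connect to the address it validated rather than letting the HTTP client resolve the name again.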

This page lists every published CVE security advisory associated with open-webui. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.