Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/05/18 7:58 p.m.11 views

CVE-2026-44563

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints accept any model name from the user and forward the request to the Ollama backend without checking whether the...

5.4CVSS5.8AI score0.00238EPSS
Exploits1References1
NVD
NVD
added 2026/05/15 8:16 p.m.11 views

CVE-2026-44563

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints accept any model name from the user and forward the request to the Ollama backend without checking whether the...

5.4CVSS0.00238EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/15 7:28 p.m.9 views

CVE-2026-44563 Open WebUI: Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints accept any model name from the user and forward the request to the Ollama backend without checking whether the...

5.4CVSS5.8AI score0.00238EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:28 p.m.8 views

CVE-2026-44563

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints accept any model name from the user and forward the request to the Ollama backend without checking whether the...

5.4CVSS5.8AI score0.00238EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/15 7:28 p.m.37 views

CVE-2026-44563

Open WebUI/Open WebUI’s Ollama integration vulnerability (CVE-2026-44563) affects the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints. These endpoints forward a user-supplied model name to the Ollama backend without enforcing AccessGrants.has_access(), effectively bypassing mo...

5.4CVSS5.8AI score0.00238EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI that is open source. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints, which accepted...

5.4CVSS5.8AI score0.00238EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/08 7:52 p.m.11 views

Missing Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the generatecompletion, embed, embeddings, and showmodelinfo functions. An attacker can access restricted model information and consume compute resources by sending crafted API reques...

5.4CVSS5.8AI score0.00238EPSS
Exploits1References2
Rows per page
Query Builder