Lucene search
+L

1382 matches found

Nuclei
Nuclei
added yesterday21 views

Open WebUI 'LDAP Empty Password' - Authentication Bypass

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accep...

9.1CVSS7AI score0.01461EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday21 views

Open WebUI < 0.9.5 - Information Disclosure

Open WebUI 0.9.5 contains an information disclosure vulnerability caused by unauthenticated access to GET /api/v1/retrieval/ endpoint, letting remote attackers retrieve live RAG pipeline configuration without authorization, exploit requires no authentication. id: CVE-2026-45397 info: name: Open...

5.3CVSS6.2AI score0.0072EPSS
Exploits1References3
NVD
NVD
added 2 days ago5 views

CVE-2026-56400

open-webui before 0.3.14 contains a cross-origin resource sharing misconfiguration allowing arbitrary origins with alloworigins= and authenticated requests to the /api/v1/functions endpoint. Attackers can execute arbitrary code on the openwebui instance by crafting malicious cross-site requests...

9.6CVSS0.00264EPSS
Exploits1References2
NVD
NVD
added 2 days ago3 views

CVE-2026-56398

Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs...

9CVSS0.00304EPSS
Exploits1References2
CVE
CVE
added 2 days ago5 views

CVE-2026-56400

open-webui before 0.3.14 is described as vulnerable to a cross-origin resource sharing misconfiguration that allows arbitrary origins (allow_origins=*) and authenticated requests to the /api/v1/functions endpoint. The result is remote code execution by crafting malicious cross-site requests from ...

9.6CVSS6.3AI score0.00264EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-56400 open-webui - Remote Code Execution via CORS Misconfiguration and Session Validation

open-webui before 0.3.14 contains a cross-origin resource sharing misconfiguration allowing arbitrary origins with alloworigins= and authenticated requests to the /api/v1/functions endpoint. Attackers can execute arbitrary code on the openwebui instance by crafting malicious cross-site requests...

9CVSS0.00264EPSS
Exploits1References2
OSV
OSV
added 2 days ago3 views

CVE-2026-56400 open-webui - Remote Code Execution via CORS Misconfiguration and Session Validation

open-webui before 0.3.14 contains a cross-origin resource sharing misconfiguration allowing arbitrary origins with alloworigins= and authenticated requests to the /api/v1/functions endpoint. Attackers can execute arbitrary code on the openwebui instance by crafting malicious cross-site requests...

9CVSS6.3AI score0.00264EPSS
Exploits1References4
OSV
OSV
added 2 days ago4 views

CVE-2026-56398 Open WebUI - Stored Cross-Site Scripting via OAuth Picture Claim SVG Data URI

Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs...

8.5CVSS6.2AI score0.00304EPSS
Exploits1References4
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-44628

Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs...

8.5CVSS6.2AI score0.00304EPSS
Exploits1References2
CVE
CVE
added 2 days ago6 views

CVE-2026-56398

Open WebUI before 0.9.5 is vulnerable to stored XSS via the OAuth picture claim SVG data URI. The code infers MIME type from the URL extension (e.g., .svg) and ignores the server-provided Content-Type, then stores data URI labelling it as image/svg+xml. The profile image validator is bypassed in ...

9CVSS6.2AI score0.00304EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-56398 Open WebUI - Stored Cross-Site Scripting via OAuth Picture Claim SVG Data URI

Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs...

8.5CVSS0.00304EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 4 days ago3 views

The vulnerability of the Open WebUI web interface, related to the lack of permission checking, allows a violator to gain read access, modify data, and increase their privileges.

The vulnerability of the Open WebUI web interface relates to the lack of permission checking for workspace.models.import. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access, modify data, and enhance their privileges by sending a specially crafted POST...

6.8CVSS6.1AI score0.0029EPSS
Exploits1References2Affected Software1
Chainguard
Chainguard
added 2026/07/09 8:31 p.m.11 views

CVE-2026-55443 vulnerabilities

Vulnerabilities for packages: open-webui...

5.5CVSS5.9AI score0.00157EPSS
Exploits0
Wolfi
Wolfi
added 2026/07/09 8:23 p.m.13 views

CVE-2026-55443 vulnerabilities

Vulnerabilities for packages: open-webui...

5.5CVSS5.9AI score0.00157EPSS
Exploits0
NVD
NVD
added 2026/07/09 5:17 p.m.13 views

CVE-2026-59226

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0, executeautomation rehydrated automation owners without rechecking that they were still active or still had features.automations, and checkmodelaccess only enforced private-model grants...

4.3CVSS0.00303EPSS
Exploits0References4
NVD
NVD
added 2026/07/09 5:17 p.m.9 views

CVE-2026-59715

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.16 before 0.10.0, the Socket.IO server is configured with alwaysconnect=True. The ydoc:awareness:update and ydoc:document:leave Socket.IO handlers accepted collaborative-document events without requirin...

6.5CVSS0.00222EPSS
Exploits1References4
NVD
NVD
added 2026/07/09 5:17 p.m.11 views

CVE-2026-59220

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 before 0.10.0, the SKILLMENTIONRE and stripre regular expressions in backend/openwebui/utils/middleware.py parsed skill mentions with overlapping quantifiers, allowing an authenticated chat message...

6.5CVSS0.00319EPSS
Exploits1References3
NVD
NVD
added 2026/07/09 5:17 p.m.5 views

CVE-2026-59223

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, WEBFETCHFILTERLIST matching compared configured host entries against URL strings and non-label-boundary suffixes, allowing path-based blocklist bypasses such as !internal.example.com in a URL pa...

4.3CVSS0.00223EPSS
Exploits0References4
NVD
NVD
added 2026/07/09 5:17 p.m.7 views

CVE-2026-59224

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, backend/openwebui/routers/terminals.py built the wsterminal upstream URL from an unencoded sessionid and appended userid as a query parameter, allowing query injection to make the terminal backe...

8CVSS0.00286EPSS
Exploits0References4
NVD
NVD
added 2026/07/09 5:17 p.m.6 views

CVE-2026-59222

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 before 0.10.0, GET /api/v1/channels//members returned full UserModelResponse objects for channel members, including settings.ui.toolServers.key and webhook configuration, allowing a normal channel...

6.5CVSS0.00265EPSS
Exploits1References3
Rows per page
Query Builder