hubzoid (>=0.2.2 <=0.4.5), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-44554 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44554 Source advisory: OSV:GHSA-7R82-QHG4-6WVJ...

Missing Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the processweb and processyoutube endpoints when the overwrite parameter is set to true and the collectionname is attacker-controlled. An attacker can overwrite or delete another user...

Incorrect Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Incorrect Authorization in the setaccessgrants process. An attacker can override administrative access controls by submitting arbitrary access grants, including wildcard grants, which are persisted without...

Open WebUI's Channel Access Grants Bypass filter_allowed_access_grants

Channel Access Grants Bypass filterallowedaccessgrants Affected Component Channel creation and update endpoints: - backend/openwebui/routers/channels.py lines 291-340, createnewchannel - backend/openwebui/routers/channels.py lines 617-638, updatechannelbyid - backend/openwebui/models/channels.py...

hubzoid (>=0.2.2 <=0.4.5), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-44558 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44558 Source advisory: OSV:GHSA-7RJH-PX4V-5W55...

hubzoid (>=0.2.2 <=0.4.5), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-44556 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44556 Source advisory: OSV:GHSA-HP5M-24VP-VQ2Q...

GHSA-HP5M-24VP-VQ2Q Open WebUI's responses passthrough endpoint lacks access control authorization

Summary The /responses endpoint in the OpenAI router accepts any authenticated user and forwards requests directly to upstream LLM providers without enforcing per-model access control. While the primary chat completion endpoint generatechatcompletion checks model ownership, group membership, and...

Open WebUI's responses passthrough endpoint lacks access control authorization

Summary The /responses endpoint in the OpenAI router accepts any authenticated user and forwards requests directly to upstream LLM providers without enforcing per-model access control. While the primary chat completion endpoint generatechatcompletion checks model ownership, group membership, and...

Open WebUI's Base Model Routing Bypasses Access Control via Model Chaining

Base Model Routing Bypasses Access Control via Model Chaining Affected Component Model chaining via basemodelid: - backend/openwebui/routers/models.py lines 170-214, createnewmodel - backend/openwebui/routers/models.py lines 254-308, importmodels - backend/openwebui/main.py lines 1696-1711, base...

hubzoid (>=0.2.2 <=0.4.5), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-44552 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44552 Source advisory: OSV:GHSA-3X8W-4F7P-XXC2...

Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning

Redis Cache Keys toolservers and terminalservers Missing Instance Prefix Enable Cross-Instance Cache Poisoning Affected Component Tool server and terminal server Redis cache: - backend/openwebui/utils/tools.py line 841, toolservers SET - backend/openwebui/utils/tools.py line 850, toolservers GET ...

GHSA-3X8W-4F7P-XXC2 Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning

Redis Cache Keys toolservers and terminalservers Missing Instance Prefix Enable Cross-Instance Cache Poisoning Affected Component Tool server and terminal server Redis cache: - backend/openwebui/utils/tools.py line 841, toolservers SET - backend/openwebui/utils/tools.py line 850, toolservers GET ...

hubzoid (>=0.2.2 <=0.4.5), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-44552 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44552 Source advisory: SNYK:PYTHON-OPENWEBUI-16599148...

hubzoid (>=0.2.2 <=0.4.5), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-44553 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44553 Source advisory: OSV:GHSA-45M8-CPM2-3V65...

hubzoid (>=0.2.2 <=0.4.5), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-44550 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44550 Source advisory: SNYK:PYTHON-OPENWEBUI-16599158...

hubzoid (>=0.2.2 <=0.4.5), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-44550 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44550 Source advisory: OSV:GHSA-HR43-RJMR-7WMM...

Missing Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization via the createfolder process. An attacker can create unauthorized folders in another user's account, potentially flooding the victim's folder tree or planting phishing content, by...

GHSA-2R4P-JPMG-48F4 Open WebUI has an LDAP Empty Password Authentication Bypass

LDAP Empty Password Authentication Bypass Affected Component LDAP authentication endpoint: - backend/openwebui/routers/auths.py lines 468-477, user bind with empty password - backend/openwebui/models/auths.py lines 58-60, LdapForm model Affected Versions Current main branch commit 6fdd19bf1 and...

hubzoid (>=0.2.2 <=0.4.5), openwebui-token-tracking (>=0.1.7 <=0.1.10) +1 more potentially affected by CVE-2026-44551 via open-webui (>=0.6.0 <=0.8.8)

open-webui PYPI version =0.6.0, =0.2.2, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44551 Source advisory: SNYK:PYTHON-OPENWEBUI-16599159...

Improper Authentication

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Improper Authentication in the LdapForm process. An attacker can gain unauthorized access to any LDAP user account, including administrative accounts, by submitting a valid username with an empty password to...