21 matches found
CVE-2026-45349
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a user just needs to use the API endpoint: /api/chat/completions with their own API key generated in OWUI and the Chat ID of another user to continue the conversation of the other...
CVE-2026-45350
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vulnerability in chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. In the chatcompletion API, t...
CVE-2026-45350 Open WebUI: Chat completion API allows tool restrictions to be bypassed
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vulnerability in chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. In the chatcompletion API, t...
CVE-2026-45350 Open WebUI: Chat completion API allows tool restrictions to be bypassed
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vulnerability in chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. In the chatcompletion API, t...
EUVD-2026-30652
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vulnerability in chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. In the chatcompletion API, t...
CVE-2026-45350
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vulnerability in chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. In the chatcompletion API, t...
CVE-2026-45350
Open WebUI (self-hosted AI platform) has a vulnerability in the chat_completion API prior to version 0.8.6 where user-supplied tool_ids/tool_servers are used to build a tools_dict without permission checks. This allows invoking any server tool using the server’s credentials, bypassing tool restri...
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.6 contained security vulnerabilities. These vulnerabilities stemmed from the chat completion API, where tool IDs and server parameters were provided by users witho...
GHSA-RH5X-H6PP-CJJ6 Open WebUI has a SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints (not addressed by CVE-2025-65958)
Server-Side Request Forgery SSRF Bypass via HTTP Redirect Following in Web-Fetch, Image-Load, and Chat-Completion Endpoints Summary The validateurl function in backend/openwebui/retrieval/web/utils.py only validates the initial URL submitted by the caller. The HTTP clients used downstream sync...
GHSA-4PCG-253R-RF9W Open WebUI's chat completion API allows tool restrictions to be bypassed
Summary Open WebUI v0.6.43 contains a vulnerability in its chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. Details In the chatcompletion API, the parameters toolids and toolservers are supplied by the user. These...
Open WebUI's chat completion API allows tool restrictions to be bypassed
Summary Open WebUI v0.6.43 contains a vulnerability in its chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. Details In the chatcompletion API, the parameters toolids and toolservers are supplied by the user. These...
Missing Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization via the chatcompletion API when user-supplied toolids or toolservers parameters are processed without verifying the user's permissions. An attacker can gain unauthorized access to...
Authorization Bypass Through User-Controlled Key
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the chatcompletion process. An attacker can access and continue another user's conversation by supplying a known Chat ID in API requests. This is only...
PT-2026-39277
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The get sources from items function resolves file and knowledge base references into vector search queries during chat completion. Certain code paths perform vector store queries without...
CVE-2026-34756 vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server
vLLM is an inference and serving engine for large language models LLMs. From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionReques...
CVE-2026-34756 vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server
vLLM is an inference and serving engine for large language models LLMs. From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionReques...
vLLM 安全漏洞
vLLM is an open-source LLM-based inference and service engine that features high throughput and efficient memory usage. Versions of vLLM prior to 0.1.0 to 0.19.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of upper limit validation for the n parameter in the...
GHSA-3MWP-WVH9-7528 vLLM: Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server
Summary A Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionRequest Pydantic models, an unauthenticated attacker can send a single HTTP request with an...
PT-2026-30199
Summary A Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionRequest Pydantic models, an unauthenticated attacker can send a single HTTP request with an...
PT-2026-41180
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.6 Description A flaw in the chat completion API allows users to bypass tool restrictions, potentially leading to unauthorized actions or access. In the '/api/chat/completions' endpoint, the tool ids and tool...