Lucene search
K

4 matches found

NVD
NVD
added 2026/05/15 10:16 p.m.28 views

CVE-2026-44567

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of user. By default, when Open WebUI is configured with new sign-ups enabled, the default user role is...

7.3CVSS0.0023EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 8:59 p.m.16 views

EUVD-2026-30643

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of user. By default, when Open WebUI is configured with new sign-ups enabled, the default user role is...

7.3CVSS5.8AI score0.0023EPSS
Exploits1References1
CVE
CVE
added 2026/05/15 8:59 p.m.20 views

CVE-2026-44567

Open WebUI improperly authorizes users with a pending role. The CVE describes that prior to v0.1.124 the API does not validate that a user has an authorized role, allowing a pending user to access endpoints intended for authenticated users. Technical details show get_current_user() validates JWTs...

7.3CVSS5.8AI score0.0023EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/15 8:59 p.m.11 views

CVE-2026-44567 Open WebUI: Open WebUI Improper Authorization Control

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of user. By default, when Open WebUI is configured with new sign-ups enabled, the default user role is...

7.3CVSS5.8AI score0.0023EPSS
Exploits1References1
Rows per page
Query Builder