CVE-2025-29446

open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verifyconnection...

CVE-2024-7034

In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...

CVE-2024-7990

A stored cross-site scripting XSS vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the /api/v1/models/add endpoint, where the model description field is improperly sanitized before being rendered in chat. This allows an attacker to inject malicious...

CVE-2024-9840

A Denial of Service DoS vulnerability exists in open-webui/open-webui version 0.3.21. This vulnerability affects multiple endpoints, including /ollama/models/upload, /audio/api/v1/transcriptions, and /rag/api/v1/doc. The application processes multipart boundaries without authentication, leading t...

Open WebUI stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the /api/v1/models/add endpoint, where the model description field is improperly sanitized before being rendered in chat. This allows an attacker to inject malicious...

CVE-2024-7034 Remote Code Execution due to Arbitrary File Write in open-webui/open-webui

In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...

CVE-2024-7044 Stored XSS in open-webui/open-webui

A Stored Cross-Site Scripting XSS vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the victim's browser. Th...

CVE-2024-7045 Improper Access Control in open-webui/open-webui

In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/prompts/ interface to retrieve all prompt...

CVE-2024-7040 Improper Access Control in open-webui/open-webui

In version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. On the frontend admin page, administrators are intended to view only the chats of non-admin members. However, by modifying the userid parameter, it is possible to view the chats of any administrator,...

CVE-2024-7959

The CVE-2024-7959 entry affects open-webui/open-webui v0.3.8, where the /openai/models endpoint is vulnerable to SSRF. An attacker can modify the OpenAI URL without validation, causing the endpoint to issue requests to arbitrary URLs and return the response, potentially exposing internal services...

CVE-2024-7959 SSRF in open-webui/open-webui

The /openai/models endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery SSRF. An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the...

PT-2025-12179 · Unknown · Open-Webui

Name of the Vulnerable Software and Affected Versions: open-webui/open-webui version 0.3.8 Description: The issue allows attackers to view and delete any files due to improper access control. The application fails to verify whether the attacker is an administrator, enabling them to directly call...

PT-2025-12178 · Unknown · Open-Webui

Name of the Vulnerable Software and Affected Versions: open-webui/open-webui version v0.3.8 Description: The issue is related to improper access control. Administrators are supposed to view only the chats of non-admin members on the frontend admin page. However, it is possible to view the chats o...