5 matches found

Nuclei
added 13 hours ago, 16 views

Open WebUI < 0.9.5 - Information Disclosure

Open WebUI 0.9.5 contains an information disclosure vulnerability caused by unauthenticated access to the GET /api/v1/retrieval/ endpoint, letting remote attackers retrieve live RAG pipeline configuration without authorization. Exploitation requires no authentication. id: CVE-2026-45397 info: name: Open...

CVSS 5.3 | AI score 6.1 | EPSS 0.0072
Exploits: 1 | References: 3

NVD
added 2026/05/15 9:16 p.m., 22 views

CVE-2026-45397

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, GET /api/v1/retrieval/ returns live RAG pipeline configuration to any unauthenticated HTTP client. No Authorization header, cookie, or API key is required. Every adjacent endpoint on...

CVSS 5.3 | EPSS 0.0072
Exploits: 1 | References: 1

ATTACKERKB
added 2026/05/15 8:34 p.m., 7 views

CVE-2026-45397

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, GET /api/v1/retrieval/ returns live RAG pipeline configuration to any unauthenticated HTTP client. No Authorization header, cookie, or API key is required. Every adjacent endpoint on...

CVSS 5.3 | AI score 5.8 | EPSS 0.0072
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2026/05/15 12:0 a.m., 12 views

Open WebUI Access Control Error Vulnerability

Open WebUI is an extensible, feature-rich, and user-friendly open-source self-hosted WebUI. Versions of Open WebUI prior to 0.9.5 contained a security vulnerability related to access control. This vulnerability stemmed from the lack of authentication for the GET /api/v1/retrieval endpoint,...

CVSS 5.3 | AI score 5.8 | EPSS 0.0072
Exploits: 1 | References: 2

Vulnrichment
added 2026/04/07 2:49 p.m., 1 view

CVE-2026-35486 text-generation-webui has a SSRF in superbooga/superboogav2 extensions — no URL validation

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, the superbooga and superboogav2 RAG extensions fetch user-supplied URLs via requests.get with zero validation — no scheme check, no IP filtering, no hostname allowlist. An attacker can access clo...

CVSS 7.5 | AI score 5.9 | EPSS 0.004
Exploits: 1 | References: 1