open-webui
PyPI · 61 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting open-webui (page 2 of 2)
- CVE-2026-45397 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 0.9.5 · 2026-05-15
  vulnerable: 0.1.124 ... 0.9.4 (156 versions)
  Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, GET /api/v1/retrieval/ returns live RAG pipeline configuration to any unauthenticated HTTP client. No Authorization header, …
- CVE-2026-45398 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 0.9.5 · 2026-05-15
  vulnerable: 0.1.124 ... 0.9.4 (156 versions)
  Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, _validate_collection_access() checks the user-memory-* and file-* collection name prefixes but does not check knowledge base…
- CVE-2026-45399 · HIGH · CVSS 7.1 · EG 7.1 · ✓ Fixed in 0.9.0 · 2026-05-15
  vulnerable: 0.1.124 ... 0.8.9 (151 versions)
  Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging …
- CVE-2026-45400 · HIGH · CVSS 8.5 · EG 8.5 · ✓ Fixed in 0.9.5 · 2026-05-15
  vulnerable: 0.1.124 ... 0.9.4 (156 versions)
  Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, a parsing difference between the urlparse and requests libraries led to an SSRF bypass vulnerability. This vulnerability is …
- CVE-2026-45401 · HIGH · CVSS 8.5 · EG 8.5 · ✓ Fixed in 0.9.5 · 2026-05-15
  vulnerable: 0.1.124 ... 0.9.4 (156 versions)
  Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the validate_url() function in backend/open_webui/retrieval/web/utils.py only validates the initial URL submitted by the cal…
- CVE-2026-45402 · HIGH · CVSS 8.1 · EG 8.1 · ✓ Fixed in 0.9.5 · 2026-05-15
  vulnerable: 0.1.124 ... 0.9.4 (156 versions)
  Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, multiple endpoints accept a user-supplied file_id and attach the referenced file to a resource the caller controls (folder k…
- CVE-2026-45666 · MEDIUM · CVSS 6.5 · EG 6.5 · ✓ Fixed in 0.8.11 · 2026-05-15
  vulnerable: 0.1.124 ... 0.8.9 (149 versions)
  Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/{note_id} endpoint lacks proper authorization checks, allowing authenticated users to retrieve notes …
- CVE-2026-45667 · MEDIUM · CVSS 6.5 · EG 6.5 · ✓ Fixed in 0.8.0 · 2026-05-15
  vulnerable: 0.1.124 ... 0.7.2 (138 versions)
  Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/memories/ef is accessible without authentication and executes request.app.state.EMBEDDING_FUNCTION(...). This al…
- CVE-2026-45671 · HIGH · CVSS 8.0 · EG 8.0 · ✓ Fixed in 0.9.0 · 2026-05-15
  vulnerable: 0.1.124 ... 0.8.9 (151 versions)
  Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user can permanently delete files owned by other users via DELETE /api/v1/files/{id} when the target file …
- CVE-2026-45672 · HIGH · CVSS 8.8 · EG 8.8 · ✓ Fixed in 0.8.12 · 2026-05-15
  vulnerable: 0.1.124 ... 0.8.9 (150 versions)
  Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the adm…
- CVE-2026-45675 · HIGH · CVSS 8.1 · EG 8.1 · ✓ Fixed in 0.9.0 · 2026-05-15
  vulnerable: 0.1.124 ... 0.8.9 (151 versions)
  Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment…
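Two of the entries above (CVE-2026-45400, a urlparse/requests parsing discrepancy, and CVE-2026-45401, validate_url() checking only the first URL and not the redirect chain) describe the same failure mode from two sides: the URL that is validated is not the URL that is actually fetched. The following is an added illustration of outbound fetching that validates every hop, written for this page and not taken from Open WebUI. The specific parsing discrepancy behind CVE-2026-45400 is not described here, so the check rejects the general class of ambiguous URLs (userinfo, whitespace, backslashes) rather than reproducing one bypass. Name resolution and HTTP are injected as `resolve` (hostname to list of IP strings) and `fetch` (URL to (status, headers)) so the example runs offline against a constructed redirect chain; the host names and addresses are made up.

```python
"""Validate the URL of every redirect hop, not only the caller-supplied one.
Added example, not Open WebUI code.  `resolve` and `fetch` are injected so the
demo runs offline; in production use socket.getaddrinfo and an HTTP client with
redirect following disabled (e.g. requests' allow_redirects=False)."""
import ipaddress
import re
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 5
REDIRECTS = {301, 302, 303, 307, 308}


def validate_url(url: str, resolve) -> str:
    """Raise ValueError unless `url` is plain http(s) to a publicly routable address."""
    if re.search(r"[\s\\]", url):
        raise ValueError("whitespace or backslash in URL")   # parsers disagree on these
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in URL not allowed")       # 'trusted.host@127.0.0.1' tricks
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    try:
        addrs = [ipaddress.ip_address(host)]                  # IP literal: no DNS involved
    except ValueError:
        addrs = [ipaddress.ip_address(ip) for ip in resolve(host)]
    if not addrs:
        raise ValueError(f"{host} did not resolve")
    for addr in addrs:
        # is_global is False for loopback, RFC 1918, link-local (169.254.169.254), CGNAT, ...
        if not addr.is_global:
            raise ValueError(f"{host} -> {addr} is not a public address")
    return url


def safe_fetch(url: str, resolve, fetch):
    """Follow redirects by hand so each hop goes through validate_url()."""
    for _ in range(MAX_HOPS):
        validate_url(url, resolve)
        status, headers = fetch(url)          # fetch must not follow redirects itself
        location = headers.get("location")
        if status in REDIRECTS and location:
            url = urljoin(url, location)      # relative Location is resolved, then re-checked
            continue
        return url, status
    raise ValueError("too many redirects")


# Constructed, offline stand-ins for DNS and HTTP (hypothetical hosts and addresses).
FAKE_DNS = {
    "files.example.org": ["93.184.216.34"],       # a public address
    "metadata.internal": ["169.254.169.254"],     # cloud metadata service, link-local
}
FAKE_HTTP = {
    "https://files.example.org/report.pdf": (302, {"location": "http://metadata.internal/latest/meta-data/"}),
    "https://files.example.org/ok.pdf": (200, {}),
    "http://metadata.internal/latest/meta-data/": (200, {}),   # safe_fetch never gets here
}


def fake_resolve(host):
    return FAKE_DNS.get(host, [])


def fake_fetch(url):
    return FAKE_HTTP[url]


def rejected(url: str) -> bool:
    """True if validate_url() refuses `url` under the fake resolver."""
    try:
        validate_url(url, fake_resolve)
        return False
    except ValueError:
        return True


def demo() -> tuple:
    """(first-hop-only verdict, every-hop verdict) for the redirecting URL: (True, False)."""
    first_hop_ok = not rejected("https://files.example.org/report.pdf")
    try:
        safe_fetch("https://files.example.org/report.pdf", fake_resolve, fake_fetch)
        every_hop_ok = True
    except ValueError:
        every_hop_ok = False
    return first_hop_ok, every_hop_ok


if __name__ == "__main__":
    print(demo())
```

The point of `demo()` is that the redirecting URL passes a first-hop-only check (its host is public) and is only caught when the 302 target is re-validated. Resolving once and then letting the HTTP client resolve again still leaves a DNS rebinding window; pinning the connection to the validated IP closes it, but that is client-specific and not shown here.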
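CVE-2026-45675 describes a TOCTOU in first-user admin assignment: the "is the user table empty?" check and the insert that uses the answer are separate steps, so two concurrent first logins can both be promoted. The following added example (not Open WebUI's code; the schema, the `pending` role and the sqlite3 backend are assumptions) shows the racy shape next to an atomic one, using a deterministic interleaving instead of real threads so the outcome is reproducible.

```python
"""First-user admin bootstrap: TOCTOU form beside an atomic form.
Added example, not Open WebUI code.  Schema and role names are assumed."""
import sqlite3

SCHEMA = "CREATE TABLE users (id TEXT PRIMARY KEY, email TEXT UNIQUE, role TEXT NOT NULL)"


def new_db() -> sqlite3.Connection:
    # isolation_level=None: no implicit transactions, we issue BEGIN/COMMIT ourselves
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute(SCHEMA)
    return conn


# --- vulnerable: the check and the use are separate statements -------------------
def decide_role(conn) -> str:
    """Time of check: nobody exists yet, so this login is going to be admin."""
    (n,) = conn.execute("SELECT COUNT(*) FROM users").fetchone()
    return "admin" if n == 0 else "pending"


def create_user(conn, uid: str, email: str, role: str) -> None:
    """Time of use: insert with whatever role was decided earlier."""
    conn.execute("INSERT INTO users VALUES (?, ?, ?)", (uid, email, role))


# --- hardened: the role is computed inside the same write transaction ------------
def create_user_atomic(conn, uid: str, email: str) -> str:
    conn.execute("BEGIN IMMEDIATE")   # takes SQLite's write lock; a concurrent caller waits
    try:
        conn.execute(
            "INSERT INTO users (id, email, role) "
            "SELECT ?, ?, CASE WHEN (SELECT COUNT(*) FROM users) = 0 "
            "THEN 'admin' ELSE 'pending' END",
            (uid, email),
        )
        (role,) = conn.execute("SELECT role FROM users WHERE id = ?", (uid,)).fetchone()
        conn.execute("COMMIT")
    except Exception:
        conn.execute("ROLLBACK")
        raise
    return role


def admins(conn) -> list:
    return [e for (e,) in conn.execute(
        "SELECT email FROM users WHERE role = 'admin' ORDER BY email")]


def race_vulnerable() -> list:
    """Two OAuth callbacks interleave: both check before either inserts."""
    conn = new_db()
    role_a = decide_role(conn)   # 'admin'
    role_b = decide_role(conn)   # also 'admin': the table is still empty
    create_user(conn, "a", "alice@example.org", role_a)
    create_user(conn, "b", "bob@example.org", role_b)
    return admins(conn)          # ['alice@example.org', 'bob@example.org']


def race_atomic() -> list:
    """Same two logins through the atomic path: only the first becomes admin."""
    conn = new_db()
    create_user_atomic(conn, "a", "alice@example.org")
    create_user_atomic(conn, "b", "bob@example.org")
    return admins(conn)          # ['alice@example.org']


if __name__ == "__main__":
    print("vulnerable:", race_vulnerable())
    print("atomic:    ", race_atomic())
```

`BEGIN IMMEDIATE` is the SQLite way to serialize writers; on PostgreSQL the equivalent is a SERIALIZABLE transaction or an advisory lock around the bootstrap, and under an ORM the same idea is a single transaction that both reads the count and writes the row. Whatever the backend, the role decision must not be made in a separate round trip from the insert.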