What is CVE-2026-44567?

CVE-2026-44567 is a high-severity vulnerability in Open-webui, classified under CWE-602. CVSS score: 7.3/10. Published 2026-05-15.

How severe is CVE-2026-44567?

High severity. CVSS v3 base score is 7.3 out of 10.

Auth bypass in Open-webui

CVE-2026-44567

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of user. By default, when Open WebUI is confi…

EPSS: 0.001 (26.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L.

Affected products

Open-webui — versions < 0.1.124
Openwebui Open_webui

Weakness classification (CWE)

CWE-602
CWE-863 — Incorrect Authorization

References

security-advisories@github.com (x_refsource_CONFIRM, Exploit, Mitigation, Vendor Advisory)

Frequently asked questions

What is CVE-2026-44567?: CVE-2026-44567 is a high-severity vulnerability in Open-webui, classified under CWE-602. CVSS score: 7.3/10. Published 2026-05-15.
How severe is CVE-2026-44567?: High severity. CVSS v3 base score is 7.3 out of 10.