Openwebui Open_webui
59 CVEs affecting Openwebui Open_webui. Latest disclosed: 2026-05-15. Critical: 1, High: 29.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-44551 | Critical | 9.1 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not va… |
CVE-2026-45672 | High | 8.8 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint exe… |
CVE-2026-45315 | High | 8.7 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint take… |
CVE-2026-44552 | High | 8.7 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the tool_servers and terminal_servers keys i… |
CVE-2026-45401 | High | 8.5 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the validate_url() function in backend/open_… |
CVE-2026-45400 | High | 8.5 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, a parsing difference between the urlparse an… |
CVE-2026-45331 | High | 8.5 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validate_url() in backend/open_webui/retriev… |
CVE-2026-44570 | High | 8.3 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization controls surrounding the memo… |
CVE-2026-45665 | High | 8.1 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerab… |
CVE-2026-45301 | High | 8.1 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing permission check in all files rel… |
CVE-2026-44565 | High | 8.1 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when uploading an audio file, the name of t… |
CVE-2026-45402 | High | 8.1 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, multiple endpoints accept a user-supplied fi… |
CVE-2026-45675 | High | 8.1 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP and OAuth authentication flows use a… |
CVE-2026-44554 | High | 8.1 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/retrieval/process/web endpo… |
CVE-2026-44553 | High | 8.1 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletio… |
CVE-2026-45671 | High | 8.0 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user can permanently delet… |
CVE-2026-45338 | High | 7.7 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a Server-Side Request Forgery (SSRF) vulnera… |
CVE-2026-45303 | High | 7.7 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.5, through the HTML rendering view, scripts can… |
CVE-2026-44555 | High | 7.6 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI supports model composition via ba… |
CVE-2026-45398 | High | 7.5 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, _validate_collection_access() checks the use… |