Package impact
PIP / open-webui
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44566 | critical | 9.8 | 9.8 | 14d ago | Open WebUI Vulnerable to Arbitrary File Upload and Path Traversal | |||
| CVE-2026-44551 | critical | 9.1 | 9.1 | 21d ago | Open WebUI has an LDAP Empty Password Authentication Bypass | |||
| CVE-2026-45316 | low | 3.5 | 3.5 | 14d ago | Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access) |