Package impact
PIP / open-webui
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-44566 | critical | 9.8 | 9.8 | 13d ago | Open WebUI Vulnerable to Arbitrary File Upload and Path Traversal | |
| CVE-2026-44551 | critical | 9.1 | 9.1 | 20d ago | Open WebUI has an LDAP Empty Password Authentication Bypass | |
| CVE-2026-45316 | low | 3.5 | 3.5 | 13d ago | Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access) |