| CVE-2026-45667 |
medium |
6.5 |
6.5 |
|
|
|
13d ago |
Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS) |
| CVE-2026-45666 |
medium |
6.5 |
6.5 |
|
|
|
13d ago |
Open WebUI has an Indirect Object Reference (IDOR) in user notes |
| CVE-2026-45351 |
medium |
6.5 |
6.5 |
|
|
|
13d ago |
Open WebUI Exposes System Prompt to Regular User [Non-Admin] |
| CVE-2026-45345 |
medium |
6.5 |
6.5 |
|
|
|
13d ago |
Open WebUI missing authorization check at the model update function - models from other users can be updated |
| CVE-2026-44571 |
medium |
6.5 |
6.5 |
|
|
|
13d ago |
Open WebUI's Improper Authorization in Standard Channels Allows Message Updates with Read Permission |
| CVE-2026-44562 |
medium |
6.5 |
6.5 |
|
|
|
13d ago |
Open WebUI's Model Import Overwrites Any Model Without Ownership Check |
| CVE-2026-44560 |
medium |
6.5 |
6.5 |
|
|
|
13d ago |
Open WebUI has Unauthorized File and Knowledge Base Content Access via RAG Vector Search |
| CVE-2026-45314 |
medium |
6.1 |
6.1 |
|
|
|
14d ago |
Open WebUI has XSS via SVG in /api/v1/channels/webhooks/{webhook_id}/profile/image |
| CVE-2026-45365 |
medium |
5.4 |
5.4 |
|
|
|
13d ago |
Open WebUI: Authenticated users can bypass model access control via exposed query parameter [AI-ASSISTED] |
| CVE-2026-45347 |
medium |
5.4 |
5.4 |
|
|
|
13d ago |
Open WebUI vulnerable to blind server side request forgery (SSRF) via the PDF generate function |
| CVE-2026-45318 |
medium |
5.4 |
5.4 |
|
|
|
13d ago |
Open WebUI has stored XSS via unsanitized Office/Excel/DOCX file preview rendering ({@html} without DOMPurify) |
| CVE-2026-45396 |
medium |
5.4 |
5.4 |
|
|
|
13d ago |
Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation |
| CVE-2026-44564 |
medium |
5.4 |
5.4 |
|
|
|
13d ago |
Read-Only Open WebUI Users Can Modify Collaborative Documents via Socket.IO |
| CVE-2026-44563 |
medium |
5.4 |
5.4 |
|
|
|
13d ago |
Open WebUI's Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show |
| CVE-2026-44561 |
medium |
5.4 |
5.4 |
|
|
|
13d ago |
Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels |
| CVE-2026-44558 |
medium |
5.4 |
5.4 |
|
|
|
13d ago |
Open WebUI's Channel Access Grants Bypass filter_allowed_access_grants |
| CVE-2026-45299 |
medium |
5.4 |
5.4 |
|
|
|
14d ago |
Open WebUI has Stored Cross-Site Scripting In Profile Picture |
| CVE-2026-45397 |
medium |
5.3 |
5.3 |
|
|
|
14d ago |
Open WebUI Vulnerable to Unauthenticated RAG Configuration Disclosure |
| CVE-2026-44550 |
medium |
5.0 |
5.0 |
|
|
|
13d ago |
Open WebUI's Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts |
| CVE-2026-44568 |
medium |
4.8 |
4.8 |
|
|
|
13d ago |
Open WebUI has Stored XSS in Pending User Overlay via Incorrect DOMPurify Application Order |
| CVE-2026-45317 |
medium |
4.6 |
4.6 |
|
|
|
13d ago |
Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF) via Image URL Manipulation |
| CVE-2026-45387 |
medium |
4.3 |
4.3 |
|
|
|
13d ago |
Open WebUI: Sharing models for others to use (read permission) also exposes model details (system prompt leakage) |
| CVE-2026-45385 |
medium |
4.3 |
4.3 |
|
|
|
13d ago |
Open WebUI has an IDOR vulnerability in the update_message_by_id API endpoint |
| CVE-2026-44559 |
medium |
4.3 |
4.3 |
|
|
|
13d ago |
Open WebUI Missing Access Check on Channel Members Endpoint for Standard Channels |
| CVE-2026-45386 |
medium |
4.3 |
4.3 |
|
|
|
14d ago |
Open WebUI has an IDOR vulnerability in the pin_channel_message API endpoint |
| CVE-2026-44557 |
medium |
4.3 |
4.3 |
|
|
|
20d ago |
Open WebUI vulnerable to Global Knowledge Base Enumeration via knowledge-bases Meta-Collection |
| CVE-2026-45316 |
low |
3.5 |
3.5 |
|
|
|
13d ago |
Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access) |