Package impact

PyPI / open-webui

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2026-44566	critical	9.8	9.8	12d ago	Open WebUI Vulnerable to Arbitrary File Upload and Path Traversal
CVE-2026-44551	critical	9.1	9.1	19d ago	Open WebUI has an LDAP Empty Password Authentication Bypass
CVE-2026-45672	high	8.8	8.8	13d ago	Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed
CVE-2026-45315	high	8.7	8.7	12d ago	Open WebUI has stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions
CVE-2026-44549	high	8.7	8.7	12d ago	Open WebUI has stored XSS in Excel file preview
CVE-2026-44552	high	8.7	8.7	19d ago	Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning
CVE-2026-45401	high	8.5	8.5	12d ago	Open WebUI has a SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints (not addressed by CVE-2025-65958)
CVE-2026-45400	high	8.5	8.5	12d ago	Open WebUI has a Server-Side Request Forgery (SSRF) bypass in `validate_url`
CVE-2026-45331	high	8.5	8.5	13d ago	Open WebUI has a full SSRF Vulnerability in the RAG Web Search Feature
CVE-2026-44570	high	8.3	8.3	12d ago	Open WebUI has inconsistent authorization controls within memories API
CVE-2026-45301	high	8.1	8.1	12d ago	Open WebUI: Missing permission check in files API allows authenticated users to list, access and delete every uploaded file
CVE-2026-44565	high	8.1	8.1	12d ago	Open WebUI Arbitrary File Write, Delete via Path Traversal
CVE-2026-45402	high	8.1	8.1	12d ago	Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints
CVE-2026-45675	high	8.1	8.1	12d ago	Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts
CVE-2026-44554	high	8.1	8.1	12d ago	Open WebUI has Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite
CVE-2026-44553	high	8.1	8.1	19d ago	Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access
CVE-2026-45671	high	8.0	8.0	13d ago	Open WebUI: shared-chat branch ignores access_type, allowing unauthorized file deletion
CVE-2026-45338	high	7.7	7.7	13d ago	Open WebUI Vulnerable to SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py)
CVE-2026-45303	high	7.7	7.7	13d ago	Open WebUI has stored XSS via the HTML renedering view
CVE-2026-44555	high	7.6	7.6	12d ago	Open WebUI's Base Model Routing Bypasses Access Control via Model Chaining
CVE-2026-45398	high	7.5	7.5	13d ago	Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base Access Controls
CVE-2026-44721	high	7.3	7.3	12d ago	open-webui Vulnerable to Stored XSS via Model Description
CVE-2026-44567	high	7.3	7.3	19d ago	Open WebUI has Improper Authorization Control
CVE-2026-44569	high	7.1	7.1	12d ago	Open WebUI's Insecure Message Access Breaks Authorization
CVE-2026-45399	high	7.1	7.1	12d ago	Open WebUI: Low-privilege authenticated users can enumerate and stop global background tasks, causing system-wide chat disruption
CVE-2026-45349	high	7.1	7.1	12d ago	Open WebUI has Broken Access Control for Completions API
CVE-2026-44556	high	7.1	7.1	12d ago	Open WebUI's responses passthrough endpoint lacks access control authorization
CVE-2026-45350	high	7.1	7.1	13d ago	Open WebUI's chat completion API allows tool restrictions to be bypassed
CVE-2026-45667	medium	6.5	6.5	12d ago	Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS)
CVE-2026-45666	medium	6.5	6.5	12d ago	Open WebUI has an Indirect Object Reference (IDOR) in user notes
CVE-2026-45351	medium	6.5	6.5	12d ago	Open WebUI Exposes System Prompt to Regular User [Non-Admin]
CVE-2026-45345	medium	6.5	6.5	12d ago	Open WebUI missing authorization check at the model update function - models from other users can be updated
CVE-2026-44571	medium	6.5	6.5	12d ago	Open WebUI's Improper Authorization in Standard Channels Allows Message Updates with Read Permission
CVE-2026-44562	medium	6.5	6.5	12d ago	Open WebUI's Model Import Overwrites Any Model Without Ownership Check
CVE-2026-44560	medium	6.5	6.5	12d ago	Open WebUI has Unauthorized File and Knowledge Base Content Access via RAG Vector Search
CVE-2026-45314	medium	6.1	6.1	13d ago	Open WebUI has XSS via SVG in /api/v1/channels/webhooks/{webhook_id}/profile/image
CVE-2026-45365	medium	5.4	5.4	12d ago	Open WebUI: Authenticated users can bypass model access control via exposed query parameter [AI-ASSISTED]
CVE-2026-45347	medium	5.4	5.4	12d ago	Open WebUI vulnerable to blind server side request forgery (SSRF) via the PDF generate function
CVE-2026-45318	medium	5.4	5.4	12d ago	Open WebUI has stored XSS via unsanitized Office/Excel/DOCX file preview rendering ({@html} without DOMPurify)
CVE-2026-45396	medium	5.4	5.4	12d ago	Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation
CVE-2026-44564	medium	5.4	5.4	12d ago	Read-Only Open WebUI Users Can Modify Collaborative Documents via Socket.IO
CVE-2026-44563	medium	5.4	5.4	12d ago	Open WebUI's Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show
CVE-2026-44561	medium	5.4	5.4	12d ago	Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels
CVE-2026-44558	medium	5.4	5.4	12d ago	Open WebUI's Channel Access Grants Bypass filter_allowed_access_grants
CVE-2026-45299	medium	5.4	5.4	13d ago	Open WebUI has Stored Cross-Site Scripting In Profile Picture
CVE-2026-45397	medium	5.3	5.3	13d ago	Open WebUI Vulnerable to Unauthenticated RAG Configuration Disclosure
CVE-2026-44550	medium	5.0	5.0	12d ago	Open WebUI's Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts
CVE-2026-44568	medium	4.8	4.8	12d ago	Open WebUI has Stored XSS in Pending User Overlay via Incorrect DOMPurify Application Order
CVE-2026-45317	medium	4.6	4.6	12d ago	Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF) via Image URL Manipulation
CVE-2026-45387	medium	4.3	4.3	12d ago	Open WebUI: Sharing models for others to use (read permission) also exposes model details (system prompt leakage)
CVE-2026-45385	medium	4.3	4.3	12d ago	Open WebUI has an IDOR vulnerability in the update_message_by_id API endpoint
CVE-2026-44559	medium	4.3	4.3	12d ago	Open WebUI Missing Access Check on Channel Members Endpoint for Standard Channels
CVE-2026-45386	medium	4.3	4.3	13d ago	Open WebUI has an IDOR vulnerability in the pin_channel_message API endpoint
CVE-2026-44557	medium	4.3	4.3	19d ago	Open WebUI vulnerable to Global Knowledge Base Enumeration via knowledge-bases Meta-Collection
CVE-2026-45316	low	3.5	3.5	12d ago	Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)
CVE-2026-34222	unknown	—	—	2mo ago	Open WebUI has Broken Access Control in Tool Valves
CVE-2026-29071	unknown	—	—	2mo ago	Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories
CVE-2026-29070	unknown	—	—	2mo ago	Open WebUI has unauthorized deletion of knowledge files
CVE-2026-28788	unknown	—	—	2mo ago	Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite
CVE-2026-28786	unknown	—	—	2mo ago	Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`
CVE-2025-65958	unknown	—	—	6mo ago	Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web
CVE-2025-63681	unknown	—	—	6mo ago	open-webui is Vulnerable to Incorrect Access Control
CVE-2025-64496	unknown	—	—	7mo ago	Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events
CVE-2025-64495	unknown	—	—	7mo ago	Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE
CVE-2024-8060	unknown	—	—	1y ago	Open WebUI allows Remote Code Execution via Arbitrary File Upload to /audio/api/v1/transcriptions
CVE-2024-8053	unknown	—	—	1y ago	Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint
CVE-2024-7990	unknown	—	—	1y ago	Open WebUI stored cross-site scripting (XSS) vulnerability
CVE-2024-7983	unknown	—	—	1y ago	Open WebUI denial of service through endpoint for converting markdown
CVE-2024-7046	unknown	—	—	1y ago	Open WebUI Allows Viewing of Admin Details
CVE-2024-7959	unknown	—	—	1y ago	Open WebUI has SSRF in /openai/models
CVE-2024-7806	unknown	—	—	1y ago	Open WebUI Cross-Site Request Forgery (CSRF) Vulnerability
CVE-2024-7053	unknown	—	—	1y ago	Open WebUI Vulnerable to a Session Fixation Attack
CVE-2024-7045	unknown	—	—	1y ago	Open WebUI Has Improper Access Control Leading to Arbitrary Prompt Read
CVE-2024-7035	unknown	—	—	1y ago	Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2024-7043	unknown	—	—	1y ago	Open WebUI Allows Arbitrary File Reading and Deletion
CVE-2024-7039	unknown	—	—	1y ago	Open WebUI Allows Admin Deletion via API Endpoint
CVE-2024-7036	unknown	—	—	1y ago	Open WebUI Uncontrolled Resource Consumption vulnerability
CVE-2024-7034	unknown	—	—	1y ago	Open WebUI Allows Arbitrary File Write via the `/models/upload` Endpoint
CVE-2024-7033	unknown	—	—	1y ago	Open WebUI Allows Arbitrary File Write via the `download_model` Endpoint
CVE-2024-7044	unknown	—	—	1y ago	Open WebUI Vulnerable to Cross-Site Scripting (XSS) via Chat File Upload
CVE-2024-12534	unknown	—	—	1y ago	Open WebUI Uncontrolled Resource Consumption vulnerability
CVE-2024-12537	unknown	—	—	1y ago	Open WebUI Uncontrolled Resource Consumption vulnerability
CVE-2024-7041	unknown	—	—	2y ago	open-webui Insecure Direct Object Reference (IDOR) vulnerability
CVE-2024-7038	unknown	—	—	2y ago	open-webui allows enumeration of file names and traversal of directories by observing the error messages
CVE-2024-7037	unknown	—	—	2y ago	open-webui allows writing and deleting arbitrary files
CVE-2024-6706	unknown	—	—	2y ago	Open WebUI Stored Cross-Site Scripting Vulnerability