| CVE-2026-44566 |
critical |
9.8 |
9.8 |
13d ago |
Open WebUI Vulnerable to Arbitrary File Upload and Path Traversal |
|
| CVE-2026-44551 |
critical |
9.1 |
9.1 |
20d ago |
Open WebUI has an LDAP Empty Password Authentication Bypass |
|
| CVE-2026-45672 |
high |
8.8 |
8.8 |
14d ago |
Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed |
|
| CVE-2026-45315 |
high |
8.7 |
8.7 |
13d ago |
Open WebUI has stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions |
|
| CVE-2026-44549 |
high |
8.7 |
8.7 |
13d ago |
Open WebUI has stored XSS in Excel file preview |
|
| CVE-2026-44552 |
high |
8.7 |
8.7 |
20d ago |
Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning |
|
| CVE-2026-45401 |
high |
8.5 |
8.5 |
13d ago |
Open WebUI has a SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints (not addressed by CVE-2025-65958) |
|
| CVE-2026-45400 |
high |
8.5 |
8.5 |
13d ago |
Open WebUI has a Server-Side Request Forgery (SSRF) bypass in `validate_url` |
|
| CVE-2026-45331 |
high |
8.5 |
8.5 |
14d ago |
Open WebUI has a full SSRF Vulnerability in the RAG Web Search Feature |
|
| CVE-2026-44570 |
high |
8.3 |
8.3 |
13d ago |
Open WebUI has inconsistent authorization controls within memories API |
|
| CVE-2026-45301 |
high |
8.1 |
8.1 |
13d ago |
Open WebUI: Missing permission check in files API allows authenticated users to list, access and delete every uploaded file |
|
| CVE-2026-44565 |
high |
8.1 |
8.1 |
13d ago |
Open WebUI Arbitrary File Write, Delete via Path Traversal |
|
| CVE-2026-45402 |
high |
8.1 |
8.1 |
13d ago |
Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints |
|
| CVE-2026-45675 |
high |
8.1 |
8.1 |
13d ago |
Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts |
|
| CVE-2026-44554 |
high |
8.1 |
8.1 |
13d ago |
Open WebUI has Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite |
|
| CVE-2026-44553 |
high |
8.1 |
8.1 |
20d ago |
Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access |
|
| CVE-2026-45671 |
high |
8.0 |
8.0 |
14d ago |
Open WebUI: shared-chat branch ignores access_type, allowing unauthorized file deletion |
|
| CVE-2026-45338 |
high |
7.7 |
7.7 |
14d ago |
Open WebUI Vulnerable to SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py) |
|
| CVE-2026-45303 |
high |
7.7 |
7.7 |
14d ago |
Open WebUI has stored XSS via the HTML renedering view |
|
| CVE-2026-44555 |
high |
7.6 |
7.6 |
13d ago |
Open WebUI's Base Model Routing Bypasses Access Control via Model Chaining |
|
| CVE-2026-45398 |
high |
7.5 |
7.5 |
14d ago |
Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base Access Controls |
|
| CVE-2026-44721 |
high |
7.3 |
7.3 |
13d ago |
open-webui Vulnerable to Stored XSS via Model Description |
|
| CVE-2026-44567 |
high |
7.3 |
7.3 |
20d ago |
Open WebUI has Improper Authorization Control |
|
| CVE-2026-44569 |
high |
7.1 |
7.1 |
13d ago |
Open WebUI's Insecure Message Access Breaks Authorization |
|
| CVE-2026-45399 |
high |
7.1 |
7.1 |
13d ago |
Open WebUI: Low-privilege authenticated users can enumerate and stop global background tasks, causing system-wide chat disruption |
|
| CVE-2026-45349 |
high |
7.1 |
7.1 |
13d ago |
Open WebUI has Broken Access Control for Completions API |
|
| CVE-2026-44556 |
high |
7.1 |
7.1 |
13d ago |
Open WebUI's responses passthrough endpoint lacks access control authorization |
|
| CVE-2026-45350 |
high |
7.1 |
7.1 |
14d ago |
Open WebUI's chat completion API allows tool restrictions to be bypassed |
|
| CVE-2026-45316 |
low |
3.5 |
3.5 |
13d ago |
Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access) |
|