91 Total advisories
91 Vulnerabilities
0 Malware
Vulnerabilities
MEDIUM 5.4
CVE-2026-44564
Read-Only Open WebUI Users Can Modify Collaborative Documents via Socket.IO
HIGH 8.7
CVE-2026-45315
Open WebUI has stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions
HIGH 7.1
CVE-2026-45350
Open WebUI's chat completion API allows tool restrictions to be bypassed
HIGH 7.7
CVE-2026-45338
Open WebUI Vulnerable to SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py)
MEDIUM 6.5
CVE-2026-45666
Open WebUI has an Indirect Object Reference (IDOR) in user notes
MEDIUM 5.4
CVE-2026-45365
Open WebUI: Authenticated users can bypass model access control via exposed query parameter [AI-ASSISTED]
MEDIUM 6.5
CVE-2026-45667
Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS)
MEDIUM 6.5
CVE-2026-45351
Open WebUI Exposes System Prompt to Regular User [Non-Admin]
MEDIUM 4.6
CVE-2026-45317
Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF) via Image URL Manipulation
MEDIUM 4.3
CVE-2026-45347
Open WebUI vulnerable to blind server side request forgery (SSRF) via the PDF generate function
MEDIUM 5.4
CVE-2026-45318
Open WebUI has stored XSS via unsanitized Office/Excel/DOCX file preview rendering ({@html} without DOMPurify)
MEDIUM 6.5
CVE-2026-45345
Open WebUI missing authorization check at the model update function - models from other users can be updated
MEDIUM 5.4
CVE-2026-45299
Open WebUI has Stored Cross-Site Scripting In Profile Picture
HIGH 7.3
CVE-2026-44567
Open WebUI has Improper Authorization Control
MEDIUM 6.1
CVE-2026-45314
Open WebUI has XSS via SVG in /api/v1/channels/webhooks/{webhook_id}/profile/image
HIGH 7.7
CVE-2026-45303
Open WebUI has stored XSS via the HTML renedering view
HIGH 8.1
CVE-2026-45301
Open WebUI: Missing permission check in files API allows authenticated users to list, access and delete every uploaded file
HIGH 7.3
CVE-2026-44549
Open WebUI has stored XSS in Excel file preview
HIGH 7.1
CVE-2026-44569
Open WebUI's Insecure Message Access Breaks Authorization
LOW 3.5
CVE-2026-45316
Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)
MEDIUM 6.5
CVE-2026-44571
Open WebUI's Improper Authorization in Standard Channels Allows Message Updates with Read Permission
HIGH 8.1
CVE-2026-44565
Open WebUI Arbitrary File Write, Delete via Path Traversal
HIGH 8.3
CVE-2026-44570
Open WebUI has inconsistent authorization controls within memories API
HIGH 7.3
CVE-2026-44566
Open WebUI Vulnerable to Arbitrary File Upload and Path Traversal
MEDIUM 4.3
CVE-2026-45385
Open WebUI has an IDOR vulnerability in the update_message_by_id API endpoint
MEDIUM 6.5
CVE-2026-44562
Open WebUI's Model Import Overwrites Any Model Without Ownership Check
MEDIUM 5.4
CVE-2026-45396
Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation
HIGH 8.5
CVE-2026-45401
Open WebUI has a SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints (not addressed by CVE-2025-65958)
HIGH 8.1
CVE-2026-45402
Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints
MEDIUM 5.3
CVE-2026-45397
Open WebUI Vulnerable to Unauthenticated RAG Configuration Disclosure
MEDIUM 4.3
CVE-2026-44557
Open WebUI vulnerable to Global Knowledge Base Enumeration via knowledge-bases Meta-Collection
MEDIUM 5.4
CVE-2026-44563
Open WebUI's Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show
HIGH 7.1
CVE-2026-44556
Open WebUI's responses passthrough endpoint lacks access control authorization
CRITICAL 9.1
CVE-2026-44551
Open WebUI has an LDAP Empty Password Authentication Bypass
HIGH 8.5
CVE-2026-45331
Open WebUI has a full SSRF Vulnerability in the RAG Web Search Feature
MEDIUM 5.4
CVE-2026-44561
Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels
HIGH 8.8
CVE-2026-45672
Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed
MEDIUM 4.3
CVE-2026-45386
Open WebUI has an IDOR vulnerability in the pin_channel_message API endpoint
HIGH 7.5
CVE-2026-45398
Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base Access Controls
HIGH 8.7
CVE-2026-44552
Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning
HIGH 8.1
CVE-2026-44553
Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access
HIGH 8.1
CVE-2026-45675
Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts
HIGH 7.1
CVE-2026-45349
Open WebUI has Broken Access Control for Completions API
MEDIUM 6.5
CVE-2026-44560
Open WebUI has Unauthorized File and Knowledge Base Content Access via RAG Vector Search
MEDIUM 4.3
CVE-2026-45387
Open WebUI: Sharing models for others to use (read permission) also exposes model details (system prompt leakage)
HIGH 7.3
CVE-2026-44721
open-webui Vulnerable to Stored XSS via Model Description
MEDIUM 5.0
CVE-2026-44550
Open WebUI's Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts
HIGH 8.1
CVE-2026-44554
Open WebUI has Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite
HIGH 7.6
CVE-2026-44555
Open WebUI's Base Model Routing Bypasses Access Control via Model Chaining
HIGH 8.5
CVE-2026-45400
Open WebUI has a Server-Side Request Forgery (SSRF) bypass in `validate_url`
MEDIUM 4.8
CVE-2026-44568
Open WebUI has Stored XSS in Pending User Overlay via Incorrect DOMPurify Application Order
MEDIUM 4.3
CVE-2026-44559
Open WebUI Missing Access Check on Channel Members Endpoint for Standard Channels
HIGH 7.1
CVE-2026-45399
Open WebUI: Low-privilege authenticated users can enumerate and stop global background tasks, causing system-wide chat disruption
MEDIUM 5.4
CVE-2026-44558
Open WebUI's Channel Access Grants Bypass filter_allowed_access_grants
HIGH 8.0
CVE-2026-45671
Open WebUI: shared-chat branch ignores access_type, allowing unauthorized file deletion
HIGH 7.3
GHSA-3wgj-c2hg-vm6q
Open WebUI vulnerable to stored XSS via OAuth picture claim stored as SVG data URI in profile_image_url
HIGH 8.3
GHSA-6xcp-7mpr-m7wm
Open WebUI has a CORS misconfiguration and session validation issue
HIGH 7.7
CVE-2026-34222
Open WebUI has Broken Access Control in Tool Valves
LOW 3.1
CVE-2026-29071
Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories
MEDIUM 4.3
CVE-2026-28786
Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`
MEDIUM 5.4
CVE-2026-29070
Open WebUI has unauthorized deletion of knowledge files
HIGH 7.1
CVE-2026-28788
Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite
HIGH 8.5
CVE-2025-65958
Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web
UNKNOWN
CVE-2025-63681
open-webui is Vulnerable to Incorrect Access Control
HIGH 8.7
CVE-2025-64495
Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE
HIGH 7.3
CVE-2025-64496
Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events
MEDIUM 4.3
CVE-2024-7045
Open WebUI Has Improper Access Control Leading to Arbitrary Prompt Read
MEDIUM 4.3
CVE-2024-7046
Open WebUI Allows Viewing of Admin Details
HIGH 8.1
CVE-2024-7043
Open WebUI Allows Arbitrary File Reading and Deletion
HIGH 7.5
CVE-2024-7983
Open WebUI denial of service through endpoint for converting markdown
HIGH 8.1
CVE-2024-8060
Open WebUI allows Remote Code Execution via Arbitrary File Upload to /audio/api/v1/transcriptions
MEDIUM 6.5
CVE-2024-7041
open-webui Insecure Direct Object Reference (IDOR) vulnerability
HIGH 8.3
CVE-2024-7039
Open WebUI Allows Admin Deletion via API Endpoint
HIGH 7.5
CVE-2024-7036
Open WebUI Uncontrolled Resource Consumption vulnerability
HIGH 7.5
GHSA-5ccf-884p-4jjq
Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability
HIGH 7.5
GHSA-6wj5-5pgr-jwq8
Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability in api/chat/file
HIGH 7.5
GHSA-w466-2wfc-8g58
Open WebUI has vulnerable dependency on starlette via fastapi
HIGH 7.5
CVE-2024-12537
Open WebUI Uncontrolled Resource Consumption vulnerability
HIGH 7.5
CVE-2024-8053
Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint
MEDIUM 6.9
CVE-2024-7035
Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF)
HIGH 8.4
CVE-2024-7990
Open WebUI stored cross-site scripting (XSS) vulnerability
HIGH 7.7
CVE-2024-7959
Open WebUI has SSRF in /openai/models
HIGH 8.0
CVE-2024-7806
Open WebUI Cross-Site Request Forgery (CSRF) Vulnerability
HIGH 7.5
CVE-2024-12534
Open WebUI Uncontrolled Resource Consumption vulnerability
HIGH 7.6
CVE-2024-7053
Open WebUI Vulnerable to a Session Fixation Attack
MEDIUM 6.8
CVE-2024-7044
Open WebUI Vulnerable to Cross-Site Scripting (XSS) via Chat File Upload
MEDIUM 6.5
CVE-2024-7034
Open WebUI Allows Arbitrary File Write via the `/models/upload` Endpoint
MEDIUM 6.5
CVE-2024-7033
Open WebUI Allows Arbitrary File Write via the `download_model` Endpoint
LOW 2.7
CVE-2024-7038
open-webui allows enumeration of file names and traversal of directories by observing the error messages
MEDIUM 6.5
CVE-2024-7037
open-webui allows writing and deleting arbitrary files
MEDIUM 6.1
CVE-2024-6706
Open WebUI Stored Cross-Site Scripting Vulnerability
Ready to move
Start Securing
Free, no credit card | First findings in minutes