Open WebUI Vulnerabilities

Tags: pip, ML UI

AI Threat Alert tracks 109 known vulnerabilities in Open WebUI, an AI/ML UI tool (category: ml ui) in the pip ecosystem; 1 of them is rated critical. Each CVE entry includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Data sources
Risk Score: 38
Total CVEs: 109
Critical: 1
Ecosystem: pip
Last CVE: Jun 30, 2026
Patch Rate: 77%
Avg Time to Patch: 5d

GitHub: 143,258 stars, 20,643 forks, 449 issues; last push Jun 25, 2026 (View on GitHub)

Known Vulnerabilities (109 total, page 1 of 5)

| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| MEDIUM | CVE-2026-56399 | Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentially execute commands via instance secrets. | 5.0 | Jun 30, 2026 |
| HIGH | CVE-2026-54017 | open-webui: double-encoded path traversal in terminal proxy | 7.7 | Jun 17, 2026 |
| HIGH | CVE-2026-54018 | open-webui: SSRF via redirect bypass in Playwright loader | 7.7 | Jun 17, 2026 |
| MEDIUM | CVE-2026-54019 | open-webui: RAG ACL bypass exposes private KB chunks | 6.5 | Jun 17, 2026 |
| MEDIUM | CVE-2026-54021 | open-webui: auth bypass reaches restricted Ollama backends | 6.3 | Jun 17, 2026 |
| MEDIUM | CVE-2026-54022 | open-webui: Yjs auth bypass exposes all user notes | 5.3 | Jun 17, 2026 |
| MEDIUM | CVE-2026-54006 | open-webui: auth bypass allows cross-user calendar injection | 4.3 | Jun 17, 2026 |
| HIGH | CVE-2026-54007 | open-webui: cross-origin postMessage forces model execution | -- | Jun 17, 2026 |
| HIGH | CVE-2026-54008 | open-webui: SSRF via OAuth picture redirect bypass | 8.5 | Jun 17, 2026 |
| MEDIUM | CVE-2026-54009 | open-webui: cross-user file read via auth bypass | 6.5 | Jun 17, 2026 |
| HIGH | CVE-2026-54010 | Open WebUI: IDOR allows cross-user file read and delete | 8.3 | Jun 17, 2026 |
| HIGH | CVE-2026-54011 | Open WebUI: Stored XSS via Mermaid loose mode in preview | 8.7 | Jun 17, 2026 |
| HIGH | CVE-2026-54012 | Open WebUI: auth bypass enables cross-user file read/delete | 7.1 | Jun 17, 2026 |
| HIGH | CVE-2026-54013 | Open WebUI: stored SVG XSS enables full account takeover | 7.6 | Jun 17, 2026 |
| MEDIUM | CVE-2026-54014 | open-webui: path traversal exposes sibling dirs | 4.3 | Jun 17, 2026 |
| MEDIUM | CVE-2026-54015 | Open WebUI: IDOR exposes private prompt history | 6.4 | Jun 17, 2026 |
| MEDIUM | CVE-2026-54016 | Open WebUI: BOLA exposes private knowledge base files | 4.3 | Jun 17, 2026 |
| HIGH | CVE-2026-45665 | open-webui: Stored XSS enables Super Admin session hijack | 8.1 | May 14, 2026 |
| MEDIUM | CVE-2026-45299 | open-webui: Stored SVG XSS enables admin JWT theft | 5.4 | May 14, 2026 |
| HIGH | CVE-2026-45301 | open-webui: BOLA exposes all users' uploaded files | 8.1 | May 14, 2026 |
| HIGH | CVE-2026-45303 | Open WebUI: XSS iframe allows auth token exfiltration | 7.7 | May 14, 2026 |
| HIGH | CVE-2026-45315 | open-webui: stored XSS → JWT theft and admin takeover | 8.7 | May 14, 2026 |
| HIGH | CVE-2026-45314 | Open WebUI: Stored XSS via webhook SVG profile image | -- | May 14, 2026 |
| LOW | CVE-2026-45316 | Open WebUI: read users can modify note pin state | 3.5 | May 14, 2026 |
| MEDIUM | CVE-2026-45318 | open-webui: Stored XSS via Office file preview bypass | 5.4 | May 14, 2026 |

Showing 1–25 of 109

Frequently asked questions

What is Open WebUI?

Open WebUI is an AI/ML UI tool (category: ml ui) in the pip ecosystem, tracked by AI Threat Alert for security vulnerabilities.

How many known vulnerabilities does Open WebUI have?

Open WebUI has 109 known CVEs, 1 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is Open WebUI distributed in?

Open WebUI is distributed via the pip ecosystem and categorized as "ml ui".

Where does the Open WebUI vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of Open WebUI?

Review each CVE in the table above: every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.

Monitor Open WebUI in your stack

Get instant alerts when new vulnerabilities affect Open WebUI. CISO analysis, ATLAS technique mappings, and compliance reports included.
