Open WebUI Vulnerabilities

Tags: pip, ML UI

AI Threat Alert tracks 109 known vulnerabilities in Open WebUI, 1 of them rated critical. Open WebUI is an AI/ML tool in the ML UI category, distributed in the pip ecosystem. Each CVE entry includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Data sources
Risk Score: 38
Total CVEs: 109
Critical: 1
Ecosystem: pip
Last CVE: Jun 30, 2026
Patch Rate: 77%
Avg Time to Patch: 5d
GitHub: 143,258 stars, 20,643 forks, 449 issues, last push Jun 25, 2026

Known Vulnerabilities (109 total, page 2 of 5)

Severity | CVE ID | Summary | CVSS | Published
MEDIUM | CVE-2026-45317 | Open-WebUI: CSRF image URL leaks session cookies | 4.6 | May 14, 2026
HIGH | CVE-2026-45331 | open-webui: SSRF bypass exposes cloud IAM credentials | 8.5 | May 14, 2026
HIGH | CVE-2026-45338 | open-webui: SSRF via OAuth picture claim leaks internal data | 7.7 | May 14, 2026
MEDIUM | CVE-2026-45339 | Open WebUI: API key restriction bypass via header swap | 6.5 | May 14, 2026
MEDIUM | CVE-2026-45345 | open-webui: IDOR allows unauthorized model modification | 6.5 | May 14, 2026
MEDIUM | CVE-2026-45347 | Open WebUI: blind SSRF via PDF export HTML injection | 4.3 | May 14, 2026
HIGH | CVE-2026-45349 | open-webui: auth bypass exposes all user chat histories | 7.1 | May 14, 2026
HIGH | CVE-2026-45350 | open-webui: missing authz allows admin tool hijacking | 7.1 | May 14, 2026
MEDIUM | CVE-2026-45351 | Open WebUI: admin system prompts exposed to all users | 6.5 | May 14, 2026
MEDIUM | CVE-2026-45365 | open-webui: auth bypass exposes admin-restricted models | 5.4 | May 14, 2026
MEDIUM | CVE-2026-45385 | Open WebUI: IDOR lets members tamper with admin messages | 4.3 | May 14, 2026
MEDIUM | CVE-2026-45386 | open-webui: auth bypass lets read-only users pin messages | 4.3 | May 14, 2026
MEDIUM | CVE-2026-45387 | open-webui: system prompt leakage via model read API | 4.3 | May 14, 2026
MEDIUM | CVE-2026-45396 | open-webui: mass assignment enables leaderboard poisoning | 5.4 | May 14, 2026
MEDIUM | CVE-2026-45397 | Open WebUI: unauthenticated RAG config leaks AI pipeline | 5.3 | May 14, 2026
HIGH | CVE-2026-45398 | open-webui: IDOR exposes private RAG knowledge bases | 7.5 | May 14, 2026
HIGH | CVE-2026-45399 | Open WebUI: task auth bypass enables cross-user DoS | 7.1 | May 14, 2026
HIGH | CVE-2026-45400 | open-webui: SSRF bypass via URL parser mismatch | 8.5 | May 14, 2026
HIGH | CVE-2026-45401 | open-webui: SSRF redirect bypass exposes internal services | 8.5 | May 14, 2026
HIGH | GHSA-3wgj-c2hg-vm6q | open-webui: XSS via OAuth SVG picture → account takeover | 7.3 | May 14, 2026
HIGH | CVE-2026-45402 | open-webui: auth bypass exposes any user's private files via RAG | 8.1 | May 14, 2026
MEDIUM | CVE-2026-45666 | open-webui: IDOR exposes cross-user note data | 6.5 | May 14, 2026
MEDIUM | CVE-2026-45667 | open-webui: unauth endpoint drains embedding budget/DoS | 6.5 | May 14, 2026
HIGH | CVE-2026-45671 | Open WebUI: auth bypass enables mass file deletion | 8.0 | May 14, 2026
HIGH | CVE-2026-45672 | open-webui: code exec gate bypass via API endpoint | 8.8 | May 14, 2026

Showing 26–50 of 109

Frequently asked questions

What is Open WebUI?

Open WebUI is an AI/ML tool in the ML UI category, tracked by AI Threat Alert for security vulnerabilities in the pip ecosystem.

How many known vulnerabilities does Open WebUI have?

Open WebUI has 109 known CVEs, 1 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is Open WebUI distributed in?

Open WebUI is distributed via the pip ecosystem and categorized as an ML UI.

Where does the Open WebUI vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of Open WebUI?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.

Monitor Open WebUI in your stack

Get instant alerts when new vulnerabilities affect Open WebUI. CISO analysis, ATLAS technique mappings, and compliance reports included.
