Open WebUI Vulnerabilities

Ecosystem: pip | Category: ML UI

AI Threat Alert tracks 109 known vulnerabilities in Open WebUI, an AI/ML user interface (category: ML UI) distributed in the pip ecosystem; 1 of them is rated critical. Each CVE entry includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Risk Score: 38
Total CVEs: 109
Critical: 1
Ecosystem: pip
Last CVE: Jun 30, 2026
Patch Rate: 77%
Avg Time to Patch: 5d
GitHub: 143,258 stars, 20,643 forks, 449 issues; last push Jun 25, 2026

Known Vulnerabilities (109 total, page 3 of 5)

Severity | CVE ID | Summary | CVSS | Published
HIGH | CVE-2026-45675 | Open WebUI: TOCTOU race grants admin on first OAuth/LDAP | 8.1 | May 14, 2026
HIGH | GHSA-6xcp-7mpr-m7wm | open-webui: CORS misconfiguration enables 1-click RCE | 8.3 | May 11, 2026
HIGH | CVE-2026-44565 | open-webui: path traversal enables file write/delete | 8.1 | May 11, 2026
HIGH | CVE-2026-44569 | Open WebUI: IDOR enables cross-user message tampering | 7.1 | May 11, 2026
MEDIUM | CVE-2026-44571 | open-webui: auth bypass allows message tampering | 6.5 | May 11, 2026
HIGH | CVE-2026-44570 | open-webui: IDOR exposes cross-user AI memory data | 8.3 | May 11, 2026
MEDIUM | CVE-2026-44564 | open-webui: auth bypass in collaborative doc editing | 5.4 | May 8, 2026
MEDIUM | CVE-2026-44561 | open-webui: auth bypass exposes private group channels | 5.4 | May 8, 2026
MEDIUM | CVE-2026-44560 | open-webui: RAG auth bypass exposes private files | 6.5 | May 8, 2026
MEDIUM | CVE-2026-44568 | open-webui: XSS in pending overlay enables session hijack | 4.8 | May 8, 2026
HIGH | CVE-2026-44549 | open-webui: XSS via XLSX preview enables session hijack | 7.3 | May 8, 2026
HIGH | CVE-2026-44567 | Open WebUI: auth bypass gives pending users full LLM access | 7.3 | May 8, 2026
HIGH | CVE-2026-44566 | Open WebUI: path traversal + file upload leads to RCE | 7.3 | May 8, 2026
HIGH | CVE-2026-44721 | open-webui: XSS in model descriptions steals session tokens | 7.3 | May 8, 2026
CRITICAL | CVE-2026-44551 | open-webui: LDAP auth bypass — full account takeover | 9.1 | May 8, 2026
MEDIUM | CVE-2026-44550 | open-webui: mass assignment enables cross-user folder injection | 5.0 | May 8, 2026
HIGH | CVE-2026-44553 | open-webui: stale Socket.IO role allows cross-user note R/W | 8.1 | May 8, 2026
HIGH | CVE-2026-44552 | open-webui: Redis cache poisoning enables cross-instance tool hijack | 8.7 | May 8, 2026
HIGH | CVE-2026-44555 | open-webui: access control bypass via model chaining | 7.6 | May 8, 2026
HIGH | CVE-2026-44556 | open-webui: auth bypass allows unrestricted model access | 7.1 | May 8, 2026
MEDIUM | CVE-2026-44558 | open-webui: permission bypass exposes channels publicly | 5.4 | May 8, 2026
HIGH | CVE-2026-44554 | open-webui: RAG poisoning via unauthorized KB overwrite | 8.1 | May 8, 2026
MEDIUM | CVE-2026-44557 | open-webui: auth bypass exposes all knowledge base metadata | 4.3 | May 8, 2026
MEDIUM | CVE-2026-44559 | open-webui: private channel member list exposed to any user | 4.3 | May 8, 2026
MEDIUM | CVE-2026-44562 | open-webui: missing authz enables model hijacking | 6.5 | May 8, 2026

Showing 51–75 of 109

Frequently asked questions

What is Open WebUI?

Open WebUI is an AI/ML user interface (category: ML UI) tracked by AI Threat Alert for security vulnerabilities in the pip ecosystem.

How many known vulnerabilities does Open WebUI have?

Open WebUI has 109 known CVEs, 1 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is Open WebUI distributed in?

Open WebUI is distributed via the pip ecosystem and categorized as ML UI.

Where does the Open WebUI vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of Open WebUI?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.

Monitor Open WebUI in your stack

Get instant alerts when new vulnerabilities affect Open WebUI. CISO analysis, ATLAS technique mappings, and compliance reports included.