Openwebui

Open Webui

48 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

Exploit
  • EPSS 0.01%
  • Published 01.04.2026 17:02:21
  • Last modified 15.04.2026 15:25:35

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, there is a broken access control vulnerability in tool values. This issue has been patched in version 0.8.11.

Exploit
  • EPSS 0.03%
  • Published 26.03.2026 23:54:38
  • Last modified 01.04.2026 16:09:53

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via `/api/v1/retrieval/query/collection`. Version 0.8.6 patches t...

Exploit
  • EPSS 0.04%
  • Published 26.03.2026 23:39:33
  • Last modified 01.04.2026 16:10:43

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has w...

Exploit
  • EPSS 0.04%
  • Published 26.03.2026 23:38:20
  • Last modified 01.04.2026 16:12:25

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the `POST /api/v1/retrieval/process/files/batch` endpoint...

Exploit
  • EPSS 0.02%
  • Published 26.03.2026 23:37:25
  • Last modified 30.03.2026 17:25:24

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a...

Exploit
  • EPSS 0.04%
  • Published 19.02.2026 19:15:03
  • Last modified 20.02.2026 20:15:37

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.44, manually modifying chat history allows setting the `embeds` property on a response message, the content of which is loaded int...

Exploit
  • EPSS 0.04%
  • Published 19.02.2026 19:10:52
  • Last modified 20.02.2026 20:17:25

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.7.0, manually modifying chat history allows setting the `html` property within document metadata. This causes the frontend to enter ...

  • EPSS 0.03%
  • Published 23.01.2026 03:28:39
  • Last modified 30.01.2026 19:36:59

Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to e...

  • EPSS 0.44%
  • Published 23.01.2026 03:28:35
  • Last modified 30.01.2026 19:47:56

Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerab...

  • EPSS 0.44%
  • Published 23.01.2026 03:28:32
  • Last modified 30.01.2026 19:48:35

Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit...