    5 vulnerabilities by Open WebUI

    CVE-2026-0767 (GCVE-0-2026-0767)

    Vulnerability from cvelistv5 – Published: 2026-01-23 03:28 – Updated: 2026-01-23 16:33
    Title
    Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability
    Summary
    Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of credentials provided to the endpoint. The issue results from transmitting sensitive information in plaintext. An attacker can leverage this vulnerability to disclose transmitted credentials, leading to further compromise. Was ZDI-CAN-28259.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    zdi
    Impacted products
    Vendor | Product | Version
    Open WebUI | Open WebUI | Affected: 0.6.32
    Date Public
    2026-01-09 16:36

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0767",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-23T16:33:42.787569Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-23T16:33:51.687Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Open WebUI",
              "vendor": "Open WebUI",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.6.32"
                }
              ]
            }
          ],
          "dateAssigned": "2026-01-08T22:50:10.942Z",
          "datePublic": "2026-01-09T16:36:36.010Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of credentials provided to the endpoint. The issue results from transmitting sensitive information in plaintext. An attacker can leverage this vulnerability to disclose transmitted credentials, leading to further compromise. Was ZDI-CAN-28259."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319: Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-23T03:28:39.523Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-26-033",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-033/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Peter Girnus (@gothburz), Brandon Niemczyk of Trend Zero Day Initiative"
          },
          "title": "Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2026-0767",
        "datePublished": "2026-01-23T03:28:39.523Z",
        "dateReserved": "2026-01-08T22:50:10.918Z",
        "dateUpdated": "2026-01-23T16:33:51.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0766 (GCVE-0-2026-0766)

    Vulnerability from cvelistv5 – Published: 2026-01-23 03:28 – Updated: 2026-02-26 14:44
    Title
    Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability
    Summary
    Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the load_tool_module_by_id function. The issue results from the lack of proper validation of a user-supplied string before using it to execute Python code. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28257.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    zdi
    Impacted products
    Vendor | Product | Version
    Open WebUI | Open WebUI | Affected: 0.6.32
    Date Public
    2026-01-09 16:36

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0766",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-24T04:55:37.357072Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:27.589Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Open WebUI",
              "vendor": "Open WebUI",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.6.32"
                }
              ]
            }
          ],
          "dateAssigned": "2026-01-08T22:50:07.401Z",
          "datePublic": "2026-01-09T16:36:17.982Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the load_tool_module_by_id function. The issue results from the lack of proper validation of a user-supplied string before using it to execute Python code. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28257."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-23T03:28:35.773Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-26-032",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-032/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Peter Girnus (@gothburz), Brandon Niemczyk of Trend Zero Day Initiative"
          },
          "title": "Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2026-0766",
        "datePublished": "2026-01-23T03:28:35.773Z",
        "dateReserved": "2026-01-08T22:50:07.378Z",
        "dateUpdated": "2026-02-26T14:44:27.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0765 (GCVE-0-2026-0765)

    Vulnerability from cvelistv5 – Published: 2026-01-23 03:28 – Updated: 2026-02-26 14:44
    Title
    Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability
    Summary
    Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the install_frontmatter_requirements function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28258.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    zdi
    Impacted products
    Vendor | Product | Version
    Open WebUI | Open WebUI | Affected: 0.6.32
    Date Public
    2026-01-09 16:36

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0765",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-24T04:55:38.516020Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:27.862Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Open WebUI",
              "vendor": "Open WebUI",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.6.32"
                }
              ]
            }
          ],
          "dateAssigned": "2026-01-08T22:50:03.336Z",
          "datePublic": "2026-01-09T16:36:02.245Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the install_frontmatter_requirements function.The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28258."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-23T03:28:32.185Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-26-031",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-031/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Peter Girnus (@gothburz), Brandon Niemczyk of Trend Zero Day Initiative"
          },
          "title": "Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2026-0765",
        "datePublished": "2026-01-23T03:28:32.185Z",
        "dateReserved": "2026-01-08T22:50:03.282Z",
        "dateUpdated": "2026-02-26T14:44:27.862Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-6707 (GCVE-0-2024-6707)

    Vulnerability from cvelistv5 – Published: 2024-08-07 23:04 – Updated: 2024-08-08 15:02
    Title
    Open WebUI Arbitrary File Upload + Path Traversal
    Summary
    Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability.
    SSVC
    Exploitation: poc; Automatable: yes; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Impacted products
    Vendor | Product | Version
    Open WebUI | Open WebUI | Affected: 0.1.105
    openwebui | open_webui | Affected: 0.1.105
        cpe:2.3:a:openwebui:open_webui:0.1.105:*:*:*:*:*:*:*
    Date Public
    2024-08-07 23:01
    Credits
    Jaggar Henry and Sean Segreti of KoreLogic, Inc.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T15:02:49.851Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Aug/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2024/08/08/7"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:openwebui:open_webui:0.1.105:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "open_webui",
                "vendor": "openwebui",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0.1.105"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6707",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-08T13:07:37.215856Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-08T13:16:33.432Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Open WebUI",
              "repo": "https://github.com/open-webui/open-webui",
              "vendor": "Open WebUI",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.1.105"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jaggar Henry and Sean Segreti of KoreLogic, Inc."
            }
          ],
          "datePublic": "2024-08-07T23:01:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cpre\u003eAttacker controlled files can be uploaded to arbitrary locations on the web server\u0027s filesystem by abusing a path traversal vulnerability.\u003c/pre\u003e\u003cbr\u003e"
                }
              ],
              "value": "Attacker controlled files can be uploaded to arbitrary locations on the web server\u0027s filesystem by abusing a path traversal vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-07T23:04:45.137Z",
            "orgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9",
            "shortName": "KoreLogic"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open WebUI Arbitrary File Upload + Path Traversal",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9",
        "assignerShortName": "KoreLogic",
        "cveId": "CVE-2024-6707",
        "datePublished": "2024-08-07T23:04:45.137Z",
        "dateReserved": "2024-07-11T21:30:47.969Z",
        "dateUpdated": "2024-08-08T15:02:49.851Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-6706 (GCVE-0-2024-6706)

    Vulnerability from cvelistv5 – Published: 2024-08-07 23:01 – Updated: 2024-08-08 15:02
    Title
    Open WebUI Stored Cross-Site Scripting
    Summary
    Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page.
    SSVC
    Exploitation: poc; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Impacted products
    Vendor | Product | Version
    Open WebUI | Open WebUI | Affected: 0.1.105
    openwebui | open_webui | Affected: 0.1.105
        cpe:2.3:a:openwebui:open_webui:0.1.105:*:*:*:*:*:*:*
    Date Public
    2024-08-07 22:54
    Credits
    Jaggar Henry and Sean Segreti of KoreLogic, Inc.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T15:02:48.839Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Aug/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2024/08/08/6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:openwebui:open_webui:0.1.105:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "open_webui",
                "vendor": "openwebui",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0.1.105"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6706",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-08T13:12:33.075223Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-08T13:18:06.511Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Open WebUI",
              "repo": "https://github.com/open-webui/open-webui",
              "vendor": "Open WebUI",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.1.105"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jaggar Henry and Sean Segreti of KoreLogic, Inc."
            }
          ],
          "datePublic": "2024-08-07T22:54:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cpre\u003eAttackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page.\u003c/pre\u003e\u003cbr\u003e"
                }
              ],
              "value": "Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-07T23:01:15.473Z",
            "orgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9",
            "shortName": "KoreLogic"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open WebUI Stored Cross-Site Scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9",
        "assignerShortName": "KoreLogic",
        "cveId": "CVE-2024-6706",
        "datePublished": "2024-08-07T23:01:15.473Z",
        "dateReserved": "2024-07-11T21:30:45.204Z",
        "dateUpdated": "2024-08-08T15:02:48.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }