VYPR

Open Webui

by Openwebui

Source repositories

CVEs (122)

  • CVE-2026-54014 (Jun 17, 2026)
    risk 0.00 cvss, epss 0.00

    Summary: A path traversal vulnerability exists in open-webui's cache file serving endpoint that allows any authenticated user to read files from sibling directories outside the intended cache directory, by exploiting an incomplete `startswith` containment check that lacks a…

  • CVE-2026-54009 (Jun 17, 2026)
    risk 0.00 cvss, epss 0.00

    Summary: `POST /api/chat/completions` accepts an `image_url.url` value that, when it does NOT start with `http://`, `https://`, or `data:image/`, is interpreted as a file id and resolved against the global file table with no ownership check. An authenticated user can…

  • CVE-2026-54006 (Jun 17, 2026)
    risk 0.00 cvss, epss 0.00

    Summary: `POST /api/v1/calendars/events/{event_id}/update` validates that the caller has **write** access to the calendar the event *currently* belongs to, but does not validate the **destination** `calendar_id` supplied in the request body. The model layer then persists the…

  • CVE-2026-28786 (Mar 26, 2026)
    risk 0.00 cvss, epss 0.00

    Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a `FileNotFoundError` whose…

  • CVE-2026-26193 (Feb 19, 2026)
    risk 0.00 cvss, epss 0.00

    Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.44, manually modifying chat history allows setting the `embeds` property on a response message, the content of which is loaded into an iFrame with a sandbox…

  • CVE-2026-26192 (Feb 19, 2026)
    risk 0.00 cvss, epss 0.00

    Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.7.0, manually modifying chat history allows setting the `html` property within document metadata. This causes the frontend to enter a code path that treats…

  • CVE-2026-0767 (Jan 23, 2026)
    risk 0.00 cvss, epss 0.00

    Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploit this vulnerability. …

  • CVE-2026-0766 (Jan 23, 2026)
    risk 0.00 cvss, epss 0.27

    Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw…

  • CVE-2026-0765 (Jan 23, 2026)
    risk 0.00 cvss, epss 0.02

    Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The…

  • CVE-2025-63391 (Dec 18, 2025)
    risk 0.00 cvss, epss 0.01

    An authentication bypass vulnerability exists in Open-WebUI <=0.6.32 in the /api/config endpoint. The endpoint lacks proper authentication and authorization controls, exposing sensitive system configuration data to unauthenticated remote attackers.

  • CVE-2025-65959 (Dec 4, 2025)
    risk 0.00 cvss, epss 0.00

    Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Stored XSS vulnerability was discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags…

  • CVE-2025-65958 (Dec 4, 2025)
    risk 0.00 cvss, epss 0.04

    Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Server-Side Request Forgery (SSRF) vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This…

  • CVE-2025-63681 (Dec 4, 2025)
    risk 0.00 cvss, epss 0.00

    open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling an attacker with a normal user account to stop arbitrary LLM response tasks.

  • CVE-2025-64496 (Nov 8, 2025)
    risk 0.00 cvss, epss 0.08

    Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in…

  • CVE-2025-64495 (Nov 8, 2025)
    risk 0.00 cvss, epss 0.00

    Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. In versions 0.6.34 and below, the functionality that inserts custom prompts into the chat window is vulnerable to DOM XSS when 'Insert Prompt as Rich Text' is enabled, since the…

  • CVE-2025-46719 (May 5, 2025)
    risk 0.00 cvss, epss 0.00

    Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain HTML tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript…

  • CVE-2025-46571 (May 5, 2025)
    risk 0.00 cvss, epss 0.00

    Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, low privileged users can upload HTML files which contain JavaScript code via the `/api/v1/files/` backend endpoint. This endpoint returns a file id, which…

  • CVE-2025-29446 (Apr 21, 2025)
    risk 0.00 cvss, epss 0.00

    open-webui v0.5.16 is vulnerable to SSRF in the verify_connection function of routers/ollama.py.

  • CVE-2024-8017 (Mar 20, 2025)
    risk 0.00 cvss, epss 0.01

    An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8, specifically in the function that constructs the HTML for tooltips. This vulnerability allows attackers to perform operations with the victim's privileges, such as stealing chat history, deleting chats, and…

  • CVE-2024-7053 (Mar 20, 2025)
    risk 0.00 cvss, epss 0.01

    A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default `SameSite=Lax` and does not have the `Secure` flag enabled, allowing the session…

Page 5 of 7