Filtered by vendor Openwebui
Subscribe
Total
21 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8017 | 1 Openwebui | 1 Open Webui | 2025-07-21 | N/A | 9.0 CRITICAL |
| An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8, specifically in the function that constructs the HTML for tooltips. This vulnerability allows attackers to perform operations with the victim's privileges, such as stealing chat history, deleting chats, and escalating their own account to an admin if the victim is an admin. | |||||
| CVE-2024-7990 | 1 Openwebui | 1 Open Webui | 2025-07-21 | N/A | 8.4 HIGH |
| A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the `/api/v1/models/add` endpoint, where the model description field is improperly sanitized before being rendered in chat. This allows an attacker to inject malicious scripts that can be executed by any user, including administrators, potentially leading to arbitrary code execution. | |||||
| CVE-2024-7983 | 1 Openwebui | 1 Open Webui | 2025-07-21 | N/A | 7.5 HIGH |
| In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to other requests until the conversion is complete. | |||||
| CVE-2024-7959 | 1 Openwebui | 1 Open Webui | 2025-07-21 | N/A | 7.7 HIGH |
| The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the attacker to access internal services and potentially gain command execution by accessing instance secrets. | |||||
| CVE-2024-12534 | 1 Openwebui | 1 Open Webui | 2025-07-18 | N/A | 7.5 HIGH |
| In version v0.3.32 of open-webui/open-webui, the application allows users to submit large payloads in the email and password fields during the sign-in process due to the lack of character length validation on these inputs. This vulnerability can lead to a Denial of Service (DoS) condition when a user submits excessively large strings, exhausting server resources such as CPU, memory, and disk space, and rendering the service unavailable for legitimate users. This makes the server susceptible to resource exhaustion attacks without requiring authentication. | |||||
| CVE-2024-7036 | 1 Openwebui | 1 Open Webui | 2025-07-18 | N/A | 7.5 HIGH |
| A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel to become unresponsive. This prevents administrators from performing essential user management actions such as deleting, editing, or adding users. The vulnerability can also be exploited by authenticated users with low privileges, leading to the same unresponsive state in the Admin panel. | |||||
| CVE-2024-7039 | 1 Openwebui | 1 Open Webui | 2025-07-18 | N/A | 6.7 MEDIUM |
| In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other administrators via the API endpoint `http://0.0.0.0:8080/api/v1/users/{uuid_administrator}`. This action is restricted by the user interface but can be performed through direct API calls. | |||||
| CVE-2024-7040 | 1 Openwebui | 1 Open Webui | 2025-07-18 | N/A | 4.9 MEDIUM |
| In version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. On the frontend admin page, administrators are intended to view only the chats of non-admin members. However, by modifying the user_id parameter, it is possible to view the chats of any administrator, including those of other admin (owner) accounts. | |||||
| CVE-2024-7043 | 1 Openwebui | 1 Open Webui | 2025-07-18 | N/A | 8.8 HIGH |
| An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the GET /api/v1/files/ interface to retrieve information on all files uploaded by users, which includes the ID values. The attacker can then use the GET /api/v1/files/{file_id} interface to obtain information on any file and the DELETE /api/v1/files/{file_id} interface to delete any file. | |||||
| CVE-2024-30256 | 1 Openwebui | 1 Open Webui | 2025-06-30 | N/A | 6.4 MEDIUM |
| Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117. | |||||
| CVE-2025-46571 | 1 Openwebui | 1 Open Webui | 2025-06-17 | N/A | 5.4 MEDIUM |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, low privileged users can upload HTML files which contain JavaScript code via the `/api/v1/files/` backend endpoint. This endpoint returns a file id, which can be used to open the file in the browser and trigger the JavaScript code in the user's browser. Under the default settings, files uploaded by low-privileged users can only be viewed by admins or themselves, limiting the impact of this vulnerability. A link to such a file can be sent to an admin, and if clicked, will give the low-privileged user complete control over the admin's account, ultimately enabling RCE via functions. Version 0.6.6 contains a fix for the issue. | |||||
| CVE-2025-46719 | 1 Openwebui | 1 Open Webui | 2025-06-17 | N/A | 5.4 MEDIUM |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be executed in the user's browser every time that chat transcript is opened, allowing attackers to retrieve the user's access token and gain full control over their account. Chat transcripts can be shared with other users in the same server, or with the whole open-webui community if "Enable Community Sharing" is enabled in the admin panel. If this exploit is used against an admin user, it is possible to achieve Remote Code Execution on the server where the open-webui backend is hosted. This can be done by creating a new function which contains malicious python code. This vulnerability also affects chat transcripts uploaded to `https://openwebui.com/c/<user>/<chat_id>`, allowing for wormable stored XSS in https[:]//openwebui[.]com. Version 0.6.6 contains a patch for the issue. | |||||
| CVE-2025-29446 | 1 Openwebui | 1 Open Webui | 2025-05-28 | N/A | 3.3 LOW |
| open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection. | |||||
| CVE-2024-12537 | 1 Openwebui | 1 Open Webui | 2025-04-04 | N/A | 7.5 HIGH |
| In version 0.3.32 of open-webui/open-webui, the absence of authentication mechanisms allows any unauthenticated attacker to access the `api/v1/utils/code/format` endpoint. If a malicious actor sends a POST request with an excessively high volume of content, the server could become completely unresponsive. This could lead to severe performance issues, causing the server to become unresponsive or experience significant degradation, ultimately resulting in service interruptions for legitimate users. | |||||
| CVE-2024-7053 | 1 Openwebui | 1 Open Webui | 2025-04-01 | N/A | 9.0 CRITICAL |
| A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default `SameSite=Lax` and does not have the `Secure` flag enabled, allowing the session cookie to be sent over HTTP to a cross-origin domain. An attacker can exploit this by embedding a malicious markdown image in a chat, which, when viewed by an administrator, sends the admin's session cookie to the attacker's server. This can lead to a stealthy administrator account takeover, potentially resulting in remote code execution (RCE) due to the elevated privileges of administrator accounts. | |||||
| CVE-2024-8053 | 1 Openwebui | 1 Open Webui | 2025-03-27 | N/A | 8.2 HIGH |
| In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading to server resource exhaustion and denial of service (DoS). Additionally, unauthorized users can misuse the endpoint to generate PDFs without verification, resulting in service misuse and potential operational and financial impacts. | |||||
| CVE-2024-7806 | 1 Openwebui | 1 Open Webui | 2025-03-26 | N/A | 8.8 HIGH |
| A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery (CSRF). The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker to craft a malicious HTML that, when accessed by a victim, can modify the Python code of an existing pipeline and execute arbitrary code with the victim's privileges. | |||||
| CVE-2024-6707 | 2 Debian, Openwebui | 2 Debian Linux, Open Webui | 2024-11-21 | N/A | 8.8 HIGH |
| Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability. | |||||
| CVE-2024-6706 | 2 Debian, Openwebui | 2 Debian Linux, Open Webui | 2024-11-21 | N/A | 6.1 MEDIUM |
| Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page. | |||||
| CVE-2024-7038 | 1 Openwebui | 1 Open Webui | 2024-11-03 | N/A | 2.7 LOW |
| An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existence and configuration of the file. This behavior allows an attacker to enumerate file names and traverse directories by observing the error messages, leading to potential exposure of sensitive information. | |||||