Total CVEs

143,208

Critical Severity

4,054

High Severity

14,598

Last 7 Days

1,293
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 21 - 40 of 101 CVEs
CVE-2026-54019 MEDIUM - 6.5

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-level ACL checks, but the patch can still be bypassed when Milvus multitenancy mode is enabled. The ACL allows unknown non-KB collection names as legacy/ephe...

Vendor: pip
Product: open-webui
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54018 HIGH - 7.7

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the SafePlaywrightURLLoader implements a validate_url function to prevent SSRF attacks by checking the IP address of the user-provided URL. However, this validation is performed only on...

Vendor: pip
Product: open-webui
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54017 HIGH - 7.7

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse proxy in `backend/open_webui/routers/terminals.py` does not fully confine the user-controlled `path` segment before forwarding it to an admin-configured term...

Vendor: pip
Product: open-webui
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54016 MEDIUM - 4.3

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI has a Broken Object Level Authorization (BOLA) vulnerability in the builtin search_knowledge_files tool. When native function calling is enabled and the selected model has no...

Vendor: pip
Product: open-webui
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54015 MEDIUM - 6.4

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI's prompt version-history endpoints authorize the prompt_id in the URL but then act on caller-supplied history IDs without verifying that the history row belongs to that ...

Vendor: pip
Product: open-webui
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54014 MEDIUM - 4.3

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path traversal vulnerability exists in open-webui's cache file serving endpoint that allows any authenticated user to read files from sibling directories outside the intended cac...

Vendor: pip
Product: open-webui
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54013 HIGH - 7.6

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI patched SVG XSS in user profile images and webhook profile images but forgot to apply the same fix to model profile images. The ModelMeta class has no validate_profile_image_...

Vendor: pip
Product: open-webui
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54012 HIGH - 7.1

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can create, update, or import workspace models store arbitrary meta.knowledge entries on their model without checking whether they own or can read the referen...

Vendor: pip
Product: open-webui
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54011 HIGH - 8.7

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6,Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with securityLev...

Vendor: pip
Product: open-webui
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54010 HIGH - 8.3

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets an authenticated user attach arbitrary file_id values to their own chat message without checking whether they own or can read those files. If the attacker then shares th...

Vendor: pip
Product: open-webui
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54009 MEDIUM - 6.5

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/chat/completions accepts an image_url.url value that, when it does NOT start with http://, https://, or data:image/, is interpreted as a file id and resolved against the globa...

Vendor: pip
Product: open-webui
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54008 HIGH - 8.5

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/open_webui/utils/oauth.py::_process_picture_url calls validate_url(picture_url) on the initial URL only, then invokes aiohttp.ClientSession.get(picture_url, ...) without allow_r...

Vendor: pip
Product: open-webui
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54007 HIGH - 6.5

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the chat message listener allows non-same-origin input:prompt and action:submit messages, so an external site can set prompt text and trigger submitPrompt() in an authenticated victim s...

Vendor: pip
Product: open-webui
Published: Jun 17, 2026
Source: GitHub
CVE-2026-54006 MEDIUM - 4.3

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/v1/calendars/events/{event_id}/update validates that the caller has write access to the calendar the event currently belongs to, but does not validate the destination calendar...

Vendor: pip
Product: open-webui
Published: Jun 17, 2026
Source: GitHub
CVE-2026-45675 HIGH - 8.1

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler (signup_handler in auths.py, lin...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45672 HIGH - 8.8

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLE_CODE_EXECUTION=false. The feature gate is n...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45671 HIGH - 8.0

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user can permanently delete files owned by other users via DELETE /api/v1/files/{id} when the target file is referenced in any shared chat. The has_access_to_file() au...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45667 MEDIUM - 6.5

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/memories/ef is accessible without authentication and executes request.app.state.EMBEDDING_FUNCTION(...). This allows any unauthenticated caller to trigger embedding generati...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45666 MEDIUM - 6.5

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/{note_id} endpoint lacks proper authorization checks, allowing authenticated users to retrieve notes belonging to other users by guessing or enumerating UUIDs. Th...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45665 HIGH - 8.1

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due to an improper sanitization order (specifically, DOMPurify is executed before the marked library). T...

Vendor: npm
Product: open-webui
Published: May 14, 2026
Source: GitHub