CVE-2026-44551

9.1 CRITICAL

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline

Published: 2026-05-15 · Last updated: 2026-05-18

Severity and scoring

CVSS
9.1 CRITICAL
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE
CWE-287

Affected products

Vendor: openwebui
Product: open_webui

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accepts password: str with no minimum length constraint, so an empty string passes validation. The subsequent Connection.bind() call succeeds on vulnerable LDAP servers, and the application issues a full session token for the target user. This vulnerability is fixed in 0.9.0.
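The defect and its fix, as an added illustration that is not Open WebUI's own code: a constructed in-memory LDAP stand-in implements the RFC 4513 "unauthenticated" simple bind (DN plus empty password is accepted as an anonymous session), the `login_vulnerable` path mirrors the pre-0.9.0 shape of the flow, and `login_hardened` adds the missing non-empty check plus a second check that the bind actually authenticated as the requested DN. The `FakeLdapServer`, the base DN and the user names are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LdapForm:
    """Hardened counterpart of the advisory's LdapForm: the original accepted
    `password: str` unconstrained; this one rejects an empty password up front."""
    user: str
    password: str

    def __post_init__(self):
        if not self.password.strip():
            raise ValueError("password must be non-empty")

class FakeLdapServer:
    """Constructed stand-in for a directory honouring RFC 4513 5.1.2
    'unauthenticated' bind: empty password succeeds with an anonymous session."""

    def __init__(self, passwords, allow_unauthenticated=True):
        self.passwords = passwords                  # {dn: password}, constructed
        self.allow_unauthenticated = allow_unauthenticated

    def simple_bind(self, dn, password):
        """Return (resultCode name, authorization identity or None)."""
        if password == "":
            if self.allow_unauthenticated:
                return ("success", "")              # anonymous, not the user
            return ("unwillingToPerform", None)     # server-side hardening
        if self.passwords.get(dn) == password:
            return ("success", dn)
        return ("invalidCredentials", None)

def user_dn(user):
    return f"uid={user},ou=people,dc=example,dc=com"   # constructed base DN

def login_vulnerable(server, user, password):
    """Pre-0.9.0 shape of the flow: bind success alone issues the session."""
    result, _ = server.simple_bind(user_dn(user), password)
    return result == "success"

def login_hardened(server, user, password):
    """Fixed flow: refuse empty passwords, and require a non-anonymous bind."""
    try:
        form = LdapForm(user=user, password=password)
    except ValueError:
        return False
    result, authz_id = server.simple_bind(user_dn(form.user), form.password)
    return result == "success" and authz_id == user_dn(form.user)
```

Disabling unauthenticated binds on the directory itself (the `allow_unauthenticated=False` case) closes the same hole from the server side and is worth doing regardless of the application fix.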

Source: NVD

QSearch commentary

Self-hosted AI platforms reach buyers faster than their security posture matures. Open WebUI's vulnerability mirrors the pattern we see across this category: rapid deployment, optimistic-default exposure, and a control plane that grants more privilege than the deployer realized. QSearch's AI Security pillar treats the runtime, control plane, and RAG pipeline as a single attack surface — auditing them separately misses the cross-boundary chains where this class of defect lives.

QSearch Security Research · 2026-05-19

Our researchers flagged this attack class earlier

In prior coverage, QSearch researchers identified this attack class as a high-likelihood target. This CVE confirms that prediction.

Engagement axis

This CVE class is addressed in the QSearch ai-security axis.

Related CVEs

Same vendor

  • CVE-2026-45667 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (6.5 MEDIUM)
  • CVE-2026-45666 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (6.5 MEDIUM)
  • CVE-2026-45665 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (8.1 HIGH)
  • CVE-2026-45365 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (5.4 MEDIUM)
  • CVE-2026-45351 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (6.5 MEDIUM)

Same CWE

  • CVE-2026-47838 SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wr... (6.8 MEDIUM)
  • CVE-2026-49848 FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implem... (4.3 MEDIUM)
  • CVE-2026-49843 FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implem... (5.3 MEDIUM)
  • CVE-2026-44810 Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally (8.4 HIGH)
  • CVE-2026-41720 Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an ... (7.4 HIGH)