CVE-2026-45675
8.1 HIGHOpen WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline
Published: 2026-05-15 · Last updated: 2026-05-19
Severity and scoring
- CVSS
- 8.1 HIGH
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-269, CWE-362
Affected products
| Vendor | Product |
|---|---|
| openwebui | open_webui |
Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler (signup_handler in auths.py, line 663) was explicitly patched to prevent this race with the comment "Insert with default role first to avoid TOCTOU race", but the LDAP and OAuth code paths were never updated with the same fix. This vulnerability is fixed in 0.9.0.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-45675
- [Patch]https://github.com/open-webui/open-webui/commit/96a0b3239b1aadb23fc359bf10849c9ba12fd6ec
- [Other]https://github.com/open-webui/open-webui/pull/23626
- [Vendor advisory]https://github.com/open-webui/open-webui/security/advisories/GHSA-h3ww-q6xx-w7x3
Related CVEs
Same vendor
- CVE-2026-45667 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (6.5 MEDIUM)
- CVE-2026-45666 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (6.5 MEDIUM)
- CVE-2026-45665 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (8.1 HIGH)
- CVE-2026-45365 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (5.4 MEDIUM)
- CVE-2026-45351 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (6.5 MEDIUM)
Same CWE
- CVE-2024-38487 — api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unint... (7.0 HIGH)
- CVE-2025-13036 — An authentication bypass security issue exists within FactoryTalk Historian Site Edition
- CVE-2026-12313 — Information disclosure, sandbox escape in the Security: Process Sandboxing component (4.7 MEDIUM)
- CVE-2026-12289 — Privilege escalation in the Graphics: WebRender component (8.8 HIGH)
- CVE-2026-8176 — The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Adminis... (7.5 HIGH)