A high-severity vulnerability has been discovered in Open WebUI, a self-hosted artificial intelligence platform. This flaw could allow an unauthenticated remote attacker to execute arbitrary code, potentially leading to a complete compromise of the affected server, data theft, and disruption of AI services. Organizations are urged to apply the vendor-provided security patches immediately to mitigate this critical risk.

This vulnerability is an unauthenticated remote code execution (RCE) flaw within the Open WebUI platform. A remote attacker can exploit this by sending a specially crafted request to an exposed API endpoint. The endpoint fails to properly sanitize user-supplied input, allowing the attacker to inject and execute arbitrary commands on the underlying operating system with the privileges of the WebUI service account.

This vulnerability is rated as High severity with a CVSS score of 8.7. Successful exploitation could lead to a complete compromise of the server hosting the Open WebUI platform. The potential consequences include theft of sensitive proprietary data and models processed by the AI, unauthorized access to internal networks, deployment of ransomware, and using the compromised system to launch further attacks. The operational disruption and reputational damage from such an incident could be significant.

Immediate Action:

• Patch Immediately: Apply the security updates provided by the vendor across all affected instances of Open WebUI without delay.
• Monitor and Review Logs: Actively monitor for signs of exploitation. Review web server access logs, application logs, and system logs for any unusual or unauthorized activity, particularly requests to API endpoints that match exploit patterns.

Proactive Monitoring:

• Look for suspicious outbound network connections from the Open WebUI server to unknown destinations.
• Monitor for the creation of unexpected processes or files on the server, especially those initiated by the WebUI service account.
• Implement alerts for high CPU or memory utilization, which could indicate malicious code execution.

Compensating Controls:

• Restrict Access: If patching is not immediately feasible, restrict network access to the Open WebUI interface to only trusted IP addresses and internal networks.
• Web Application Firewall (WAF): Place the application behind a WAF with rules designed to detect and block command injection and other common web attack patterns.
• Principle of Least Privilege: Ensure the Open WebUI service is running with the minimum necessary permissions to limit the impact of a potential compromise.

Public Exploit Available: false

Given the high CVSS score of 8.7 and the risk of unauthenticated remote code execution, this vulnerability poses a critical threat to the organization. Although it is not currently listed on the CISA KEV catalog, its severity makes it a prime target for opportunistic attackers. We strongly recommend that all system owners prioritize the immediate deployment of the vendor-supplied patches to all affected systems to prevent a potential compromise. If patching is delayed, implement the suggested compensating controls as an interim measure.