A critical remote code execution vulnerability has been discovered in multiple Open products utilizing the Open WebUI component. This flaw, identified as CVE-2026-0766, allows an unauthenticated remote attacker to inject and execute arbitrary commands on the affected server, potentially leading to a full system compromise, data theft, or service disruption. Organizations are urged to apply vendor-supplied patches immediately to mitigate this high-severity risk.

This vulnerability is a command injection flaw within the load_tool_module_by_id function of the Open WebUI. The function fails to properly sanitize user-supplied input before passing it to a system shell command. A remote, unauthenticated attacker can exploit this by crafting a malicious request containing specially formatted input (e.g., shell metacharacters like ;, |, &&) for the tool ID parameter. This injected input is then executed as a command on the underlying operating system with the privileges of the web application user, resulting in remote code execution (RCE).

This vulnerability is rated as High severity with a CVSS score of 8.8. Successful exploitation could lead to a complete compromise of the affected server, posing a significant threat to the business. Potential consequences include unauthorized access to and exfiltration of sensitive corporate or customer data, deployment of ransomware leading to major operational disruption, and financial loss. A compromised server could also be used as a staging point for further attacks against the internal network, escalating the incident's scope. Such a breach could result in severe reputational damage and potential regulatory fines.

Immediate Action: Apply the security patches released by the vendor immediately, prioritizing all internet-facing systems. After patching, it is crucial to review web server and application access logs for any unusual requests targeting the load_tool_module_by_id function or any other signs of compromise that may have occurred before the patch was applied.

Proactive Monitoring: Implement enhanced monitoring to detect potential exploitation attempts. Security teams should look for the following indicators:

• Log Analysis: Search web server and application logs for requests to the vulnerable endpoint containing shell metacharacters (e.g., ;, |, &, $, (), `).
• Network Traffic: Monitor for anomalous outbound connections from affected servers, which could indicate data exfiltration or a reverse shell connection to an attacker's command-and-control server.
• System Behavior: Utilize Endpoint Detection and Response (EDR) tools to detect suspicious process execution, such as a web server process spawning a shell (sh, bash, cmd.exe, powershell.exe).

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

• Web Application Firewall (WAF): Deploy a WAF rule to inspect and block incoming requests that contain command injection patterns targeting the vulnerable function.
• Network Segmentation: Restrict outbound network access from the affected server to only essential services and destinations, limiting an attacker's ability to exfiltrate data or communicate with external servers.
• Least Privilege: Ensure the web application is running with the minimum necessary user permissions to limit the impact of a successful RCE attack.

Public Exploit Available: false

Given the high severity (CVSS 8.8) and the critical impact of a successful Remote Code Execution attack, immediate action is required. We strongly advise all organizations to prioritize the application of vendor-supplied patches to all affected systems, starting with those directly exposed to the internet. While this vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its high potential for exploitation means it should be treated with the same level of urgency. Proactive monitoring for indicators of compromise should be implemented immediately to detect any malicious activity.