CVE-2026-45338

Open WebUI · Open WebUI

Open WebUI, a self-hosted artificial intelligence platform, contains a security vulnerability that may expose the system to unauthorized access or manipulation.

Executive summary

A security vulnerability identified in the Open WebUI platform creates a high-risk exposure for self-hosted AI environments.

Vulnerability

This vulnerability affects the Open WebUI platform, though the specific technical mechanism is not detailed in the provided data. Administrators should assume that the flaw could allow unauthorized interaction with the AI model or the underlying host system.

Business impact

The CVSS score of 7.7 indicates High severity; the flaw could facilitate unauthorized access to AI-driven workflows and data. Successful exploitation could lead to data exfiltration or the manipulation of AI responses, creating operational and compliance risk for the organization.

Remediation

Immediate Action: Consult the official Open WebUI documentation and security advisories to determine if an update is available for your specific deployment.

Proactive Monitoring: Review application and system access logs for unauthorized attempts to access administrative functions within the WebUI.

Compensating Controls: Ensure that the Open WebUI instance is isolated from the public internet and require VPN or Zero Trust access for all users.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Administrators must prioritize the security of their Open WebUI environment by restricting access and monitoring for updates. The High severity rating requires proactive patching as soon as the vendor provides a corrected version.