CVE-2026-45665

Open WebUI · Open WebUI

Open WebUI contains an unspecified vulnerability within its self-hosted artificial intelligence platform.

Executive summary

An unspecified security vulnerability in the Open WebUI artificial intelligence platform poses a significant risk to organizational data integrity and system security.

Vulnerability

The available documentation does not specify the vulnerability type or the authentication requirements for exploitation. Administrators must consult the vendor's security advisory to determine the exact attack vector and required user privileges.

Business impact

With a CVSS score of 8.1, this vulnerability is classified as High severity, indicating a substantial risk of system compromise. Successful exploitation could lead to unauthorized access to AI-driven workflows, data exfiltration, or potential service disruption of critical internal tooling.

Remediation

Immediate Action: Consult the official Open WebUI vendor security portal to identify and apply the necessary security updates.

Proactive Monitoring: Review system access logs for anomalous behavior and monitor for unusual outbound traffic originating from the AI platform.

Compensating Controls: Ensure the instance is not exposed to the public internet and implement strict network access controls (ACLs) to restrict interaction to trusted internal users.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the High severity rating, it is imperative that security teams prioritize the investigation of this vulnerability within their environment. Administrators should verify their current version against the vendor's documentation and apply all recommended patches immediately to mitigate potential unauthorized access.