Vulnerabilities in open-webui

115 results
CVE-2026-45667 | MEDIUM | Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS) | EPSS 0.3%
CVE-2024-7049 | MEDIUM | Exposure of Token in open-webui/open-webui | EPSS 0.3%
CVE-2026-44566 | HIGH | Open WebUI: Arbitrary File Upload and Path Traversal | EPSS 0.3%
CVE-2024-7038 | LOW | Information Disclosure in open-webui/open-webui | EPSS 0.3%
CVE-2026-45398 | HIGH | Open WebUI: IDOR - Retrieval API Bypasses Knowledge Base Access Controls | EPSS 0.3%
CVE-2026-45665 | HIGH | Open WebUI: Stored XSS in Banner Component via Improper Sanitization Order | EPSS 0.3%
CVE-2026-44549 | HIGH | Open WebUI: Stored XSS in excel file preview | EPSS 0.3%
CVE-2026-45339 | MEDIUM | Open WebUI: API key endpoint restrictions bypassed via `x-api-key` header — full message processing on restricted endpoints | EPSS 0.3%
CVE-2026-44721 | HIGH | Open WebUI: Stored XSS via Model Description | EPSS 0.3%
CVE-2026-45396 | MEDIUM | Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation | EPSS 0.3%
CVE-2026-44556 | HIGH | Open WebUI: responses passthrough endpoint lacks access control authorization | EPSS 0.3%
CVE-2026-44552 | HIGH | Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning | EPSS 0.3%
CVE-2026-45401 | HIGH | Open WebUI: SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints | EPSS 0.3%
CVE-2026-44554 | HIGH | Open WebUI: Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite | EPSS 0.3%
CVE-2026-44570 | HIGH | Open WebUI: Inconsistent authorization controls within memories API | EPSS 0.3%
CVE-2026-45400 | HIGH | Open WebUI: Server-Side Request Forgery (SSRF) bypass in `validate_url` | EPSS 0.3%
CVE-2026-44562 | MEDIUM | Open WebUI: Model Import Overwrites Any Model Without Ownership Check | EPSS 0.3%
CVE-2025-46571 | MEDIUM | Open WebUI vulnerable to limited stored XSS via uploaded html file | EPSS 0.3%
CVE-2026-44550 | MEDIUM | Open WebUI: Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts | EPSS 0.3%
CVE-2026-54018 | HIGH | Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects | EPSS 0.3%