Detections
Analytics

Open WebUI < 0.9.5 Multiple Vulnerabilities

high Nessus Plugin ID 314912

Synopsis

An AI platform running on the remote host is affected by multiple vulnerabilities.

Description

The version of Open WebUI running on the remote host is prior to 0.9.5. It is, therefore, affected by multiple vulnerabilities:

 - An insecure direct object reference (IDOR) vulnerability in the retrieval API allows any authenticated user who knows a private knowledge base UUID to bypass access controls and read, inject content into, or destroy another user's knowledge base. The _validate_collection_access() function only checks user-memory-* and file-* collection name prefixes but does not validate knowledge base collections which use raw UUIDs. (CVE-2026-45398)

 - A server-side request forgery (SSRF) vulnerability exists because the validate_url() function only validates the initial URL submitted by the caller. HTTP clients used downstream follow 3xx redirects by default without re-validating the redirect target against the private-IP block list. Any authenticated user can submit a public URL that redirects to an internal address and read the response. (CVE-2026-45401)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Open WebUI version 0.9.5 or later.

See Also

http://www.nessus.org/u?47d441b2

http://www.nessus.org/u?2f35f14e

Plugin Details

Severity: High

ID: 314912

File Name: open_webui_0_9_5.nasl

Version: 1.1

Type: Remote

Published: 5/15/2026

Updated: 5/15/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: High

Base Score: 8.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-45398

CVSS v3

Risk Factor: High

Base Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

CVSS Score Source: CVE-2026-45401

CVSS v4

Risk Factor: High

Base Score: 8.4

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

Vulnerability Information

CPE: cpe:/a:openwebui:open_webui

Required KB Items: installed_sw/Open WebUI

Patch Publication Date: 5/10/2026

Vulnerability Publication Date: 5/10/2026

Reference Information

CVE: CVE-2026-45398, CVE-2026-45401