CVE-2024-7036
published 2025-03-20CVE-2024-7036: A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the…
PriorityP343high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.80%
51.9th percentile
A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel to become unresponsive. This prevents administrators from performing essential user management actions such as deleting, editing, or adding users. The vulnerability can also be exploited by authenticated users with low privileges, leading to the same unresponsive state in the Admin panel.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-webui | open-webui | 0 – 0.3.8 | — |
| open-webui | open-webui_open-webui | unspecified – latest | — |
| openwebui | open_webui | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Open WebUI Uncontrolled Resource Consumption vulnerability
ghsa·2025-03-20
CVE-2024-7036 [HIGH] CWE-400 Open WebUI Uncontrolled Resource Consumption vulnerability
Open WebUI Uncontrolled Resource Consumption vulnerability
A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel to become unresponsive. This prevents administrators from performing essential user management actions such as deleting, editing, or adding users. The vulnerability can also be exploited by authenticated users with low privileges, leading to the same unresponsive state in the Admin panel.
OSV
Open WebUI Uncontrolled Resource Consumption vulnerability
osv·2025-03-20
CVE-2024-7036 [HIGH] Open WebUI Uncontrolled Resource Consumption vulnerability
Open WebUI Uncontrolled Resource Consumption vulnerability
A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel to become unresponsive. This prevents administrators from performing essential user management actions such as deleting, editing, or adding users. The vulnerability can also be exploited by authenticated users with low privileges, leading to the same unresponsive state in the Admin panel.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-03-20
Published