CVE-2026-44551
Published 2026-05-15
Priority: P265
CVSS 3.1 base score: 9.1 (critical)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 1.46% (70.3rd percentile)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accepts password: str with no minimum length constraint, so an empty string passes validation. The subsequent Connection.bind() call succeeds on vulnerable LDAP servers, and the application issues a full session token for the target user. This vulnerability is fixed in 0.9.0.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-webui | open-webui | < 0.9.0 | 0.9.0 |
| open-webui | open-webui | >= 0 < 0.9.0 | 0.9.0 |
| openwebui | open_webui | < 0.9.0 | 0.9.0 |
Detection & IOCs (extracted from sources)
- Detect authentication bypass attempts by monitoring POST requests to /api/v1/auths/ldap with an empty password field in the JSON body.
- A successful exploit response will contain all three of the following strings in the body: '"token_type":', '{"id":', and '"name":', with HTTP status 200, indicating a full session token was issued.
- Extract issued session tokens from successful exploit responses using the regex pattern '"token":"([^"]+)"' in the response body.
- Vulnerable Open WebUI instances can be discovered via Shodan using the query http.title:"Open WebUI".
- The vulnerability only triggers on LDAP servers that permit anonymous/unauthenticated Simple Bind with an empty password; not all LDAP server configurations are affected.
- The flaw exists because the LdapForm Pydantic model has no minimum length constraint on the password field, allowing an empty string to pass validation. Detection should focus on empty-password LDAP bind attempts rather than malformed requests.
- This vulnerability is only present in Open WebUI versions prior to 0.9.0; instances running 0.9.0 or later are not affected.
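The first two IOCs above turned into a small triage routine, as an added example that is not from the advisory, the Nuclei template or Open WebUI itself. It assumes a reverse proxy or API gateway that logs each request with its JSON body and the response body as raw text; the log records are constructed here.

```python
import json

LDAP_LOGIN_PATH = "/api/v1/auths/ldap"
# Markers the advisory lists for a response that carries a full session token.
TOKEN_MARKERS = ('"token_type":', '{"id":', '"name":')


def _rec(src, body, status, resp):
    """Build one constructed access-log record (body/response kept as raw JSON text)."""
    compact = {"separators": (",", ":")}  # mimic the compact JSON a server emits
    return {"src": src, "method": "POST", "path": LDAP_LOGIN_PATH,
            "body": json.dumps(body, **compact), "status": status,
            "resp": json.dumps(resp, **compact)}


# Constructed sample traffic, not captured from any real instance.
SAMPLE_LOG = [
    _rec("203.0.113.10", {"user": "alice", "password": ""}, 200,
         {"id": "u1", "name": "alice", "token": "constructed.token", "token_type": "Bearer"}),
    _rec("198.51.100.7", {"user": "bob", "password": "correct-horse"}, 200,
         {"id": "u2", "name": "bob", "token": "constructed.token2", "token_type": "Bearer"}),
    _rec("203.0.113.10", {"user": "carol"}, 422, {"detail": "field required"}),
    _rec("192.0.2.5", {"user": "dave", "password": ""}, 400, {"detail": "Invalid credentials"}),
]


def is_empty_password_ldap_login(rec):
    """True for a POST to the LDAP login endpoint whose JSON body has password == ""."""
    if rec.get("method") != "POST" or rec.get("path") != LDAP_LOGIN_PATH:
        return False
    try:
        body = json.loads(rec.get("body") or "")
    except json.JSONDecodeError:
        return False  # malformed bodies are rejected by the model; not this bug
    return isinstance(body, dict) and body.get("password") == ""


def looks_like_issued_session(rec):
    """HTTP 200 plus all three token markers in the response body (advisory IOC)."""
    resp = rec.get("resp") or ""
    return rec.get("status") == 200 and all(m in resp for m in TOKEN_MARKERS)


def triage(records):
    """Return (empty-password attempts, attempts that were answered with a session)."""
    attempts = [r for r in records if is_empty_password_ldap_login(r)]
    successes = [r for r in attempts if looks_like_issued_session(r)]
    return attempts, successes
```

A hit in the second list means the LDAP server behind the instance accepted the empty Simple Bind, so it should be treated as a confirmed bypass rather than a failed login attempt.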
No detection rules found.
Nuclei template: CVE-2026-44551 [CRITICAL] Open WebUI 'LDAP Empty Password' - Authentication Bypass (CVSS 9.1)
Template:
```yaml
id: CVE-2026-44551
info:
  name: Open WebUI 'LDAP Empty Password' - Authentication Bypass
  author: DhiyaneshDk
  severity: critical
  description: |
    Open WebUI is a se
```
No writeups or analysis indexed.