CVE-2026-44551
published 2026-05-15

CVE-2026-44551: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not…

Priority: P2 · 65
Severity: critical
CVSS 3.1 base score: 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
Tags: EXPLOIT
EPSS: 1.46% (70.3rd percentile)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accepts password: str with no minimum length constraint, so an empty string passes validation. The subsequent Connection.bind() call succeeds on vulnerable LDAP servers, and the application issues a full session token for the target user. This vulnerability is fixed in 0.9.0.
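The validation gap described above, as an added illustration (not Open WebUI's own code): a Pydantic form whose password field is a bare `str` accepts an empty string, next to a hardened variant that enforces a minimum length so no bind is ever attempted with an empty password. The class names, the `safe_bind` helper and the stand-in bind function that imitates an LDAP server permitting unauthenticated Simple Bind are all assumptions for this example.

```python
# Added example: the pre-fix model shape beside a hardened one.
# Class and function names are illustrative, not Open WebUI's.
from pydantic import BaseModel, Field, ValidationError


class VulnerableLdapForm(BaseModel):
    """Mirrors the defect: `password: str` carries no length constraint,
    so password == "" passes validation."""
    user: str
    password: str


class HardenedLdapForm(BaseModel):
    """Rejects an empty user or password before any LDAP bind happens."""
    user: str = Field(min_length=1)
    password: str = Field(min_length=1)


def accepts_empty_password(model):
    """Return True if `model` validates a request whose password is ""."""
    try:
        model(user="alice", password="")
        return True
    except ValidationError:
        return False


def permissive_ldap_bind(user, password):
    """Constructed stand-in for Connection.bind() against a server that
    permits unauthenticated Simple Bind (RFC 4513 s5.1.2): a non-empty
    name with an empty password is accepted as if it were a real login."""
    directory = {"alice": "s3cret"}  # constructed sample credential store
    if password == "":
        return True  # the server misconfiguration the CVE depends on
    return directory.get(user) == password


def safe_bind(form_cls, payload, bind_fn):
    """Validate the request with `form_cls` first; call the bind function
    only if validation passes. Returns a short outcome label."""
    try:
        form = form_cls(**payload)
    except ValidationError:
        return "rejected_by_validation"
    return "bound" if bind_fn(form.user, form.password) else "bind_failed"


if __name__ == "__main__":
    payload = {"user": "alice", "password": ""}
    # Vulnerable shape: empty password reaches the server and "succeeds".
    print(safe_bind(VulnerableLdapForm, payload, permissive_ldap_bind))
    # Hardened shape: rejected before any network call.
    print(safe_bind(HardenedLdapForm, payload, permissive_ldap_bind))
```

The point of the split is that input validation, not the directory server, is the control an application owns: even where the LDAP server is later fixed to refuse unauthenticated binds, the application should never send one.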

Affected (3 ranges)

Vendor      Product     Version range    Fixed in
open-webui  open-webui  < 0.9.0          0.9.0
open-webui  open-webui  >= 0, < 0.9.0    0.9.0
openwebui   open_webui  < 0.9.0          0.9.0

Detection & IOCs (extracted from sources)

url: /api/v1/auths/ldap
other: shodan:http.title:"Open WebUI"
command: {"user":"{{username}}","password":""}
  • Detect authentication bypass attempts by monitoring POST requests to /api/v1/auths/ldap with an empty password field in the JSON body.
  • A successful exploit response will contain all three of the following strings in the body: '"token_type":', '{"id":', and '"name":', with HTTP status 200, indicating a full session token was issued.
  • Extract issued session tokens from successful exploit responses using the regex pattern '"token":"([^"]+)"' in the response body.
  • Vulnerable Open WebUI instances can be discovered via Shodan using the query http.title:"Open WebUI".
  • The vulnerability only triggers on LDAP servers that permit anonymous/unauthenticated Simple Bind with an empty password; not all LDAP server configurations are affected.
  • The flaw exists because the LdapForm Pydantic model has no minimum length constraint on the password field, allowing an empty string to pass validation. Detection should focus on empty-password LDAP bind attempts rather than malformed requests.
  • This vulnerability is only present in Open WebUI versions prior to 0.9.0; instances running 0.9.0 or later are not affected.
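The detection rules above turned into code, as an added example that is not part of the original record: it classifies access-log records for empty-password POSTs to /api/v1/auths/ldap, marks the ones that returned a full session token (status 200 plus the three marker strings), and pulls the issued token with the listed regex so it can be revoked. The record shape (method, path, status, request and response bodies) and the sample log entries are constructed for this example; adapt the field extraction to what your proxy or WAF actually captures.

```python
# Added example: empty-password LDAP bind detection over constructed log records.
import json
import re

LDAP_AUTH_PATH = "/api/v1/auths/ldap"
TOKEN_RE = re.compile(r'"token":"([^"]+)"')          # from the detection notes
SUCCESS_MARKERS = ('"token_type":', '{"id":', '"name":')  # all three must appear


def empty_password_body(body):
    """True when the JSON request body carries password == ""."""
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        return False
    return isinstance(data, dict) and data.get("password") == ""


def classify(record):
    """Return None (not relevant), "attempt" (empty-password bind that did not
    yield a token) or "success" (a full session token was issued)."""
    if record.get("method") != "POST" or record.get("path") != LDAP_AUTH_PATH:
        return None
    if not empty_password_body(record.get("request_body")):
        return None
    resp = record.get("response_body") or ""
    if record.get("status") == 200 and all(m in resp for m in SUCCESS_MARKERS):
        return "success"
    return "attempt"


def issued_token(record):
    """Extract the session token from a successful response body, if present,
    so the incident responder can revoke it."""
    m = TOKEN_RE.search(record.get("response_body") or "")
    return m.group(1) if m else None


def triage(records):
    """Summarise a batch of records: counts plus the tokens that need revoking."""
    summary = {"attempt": 0, "success": 0, "tokens": []}
    for rec in records:
        kind = classify(rec)
        if kind is None:
            continue
        summary[kind] += 1
        if kind == "success":
            tok = issued_token(rec)
            if tok:
                summary["tokens"].append(tok)
    return summary


# Constructed sample records; field names and values are illustrative only.
SAMPLE_LOGS = [
    # Blocked attempt (e.g. a patched instance or WAF rule returned 400).
    {"method": "POST", "path": LDAP_AUTH_PATH, "status": 400,
     "request_body": '{"user":"alice","password":""}',
     "response_body": '{"detail":"rejected"}'},
    # Successful bypass: status 200 and all three marker strings present.
    {"method": "POST", "path": LDAP_AUTH_PATH, "status": 200,
     "request_body": '{"user":"bob","password":""}',
     "response_body": '{"id":"u-1","name":"Bob","token":"EXAMPLE.TOKEN.VALUE","token_type":"Bearer"}'},
    # Ordinary login with a real password: not an indicator.
    {"method": "POST", "path": LDAP_AUTH_PATH, "status": 200,
     "request_body": '{"user":"carol","password":"s3cret"}',
     "response_body": '{"id":"u-2","name":"Carol","token":"OTHER.TOKEN","token_type":"Bearer"}'},
    # Wrong method/path: ignored.
    {"method": "GET", "path": "/api/v1/auths/", "status": 200,
     "request_body": "", "response_body": "{}"},
]

if __name__ == "__main__":
    print(triage(SAMPLE_LOGS))
```

Keying the rule on the request body rather than on the response alone matters because a legitimate LDAP login returns the same token shape; only the empty password distinguishes the bypass. Where request bodies are not logged, the fallback is to alert on any /api/v1/auths/ldap success while the LDAP server still permits unauthenticated Simple Bind, and to fix the server configuration as well as upgrading to 0.9.0.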