CVE-2026-56400 open-webui Cross-Origin Resource Sharing Misconfiguration Leads to RCE
A cross-origin resource sharing (CORS) misconfiguration in open-webui versions prior to 0.3.14 allows remote attackers to achieve arbitrary code execution by crafting malicious cross-site requests that an authenticated administrator user visits.
CVE-2026-56400 describes a critical vulnerability in open-webui versions prior to 0.3.14, stemming from a cross-origin resource sharing (CORS) misconfiguration. The application's allow_origins=* setting, coupled with authenticated access to the /api/v1/functions endpoint, creates a pathway for remote code execution (RCE). Attackers can exploit this by hosting a malicious website containing specially crafted JavaScript. If an authenticated administrator user of an affected open-webui instance visits this attacker-controlled site, the malicious script can bypass same-origin policy restrictions and make authenticated requests to the vulnerable /api/v1/functions endpoint on the open-webui server, leading to arbitrary code execution. This vulnerability poses a significant risk as it allows an unauthenticated attacker to compromise the entire open-webui instance if an admin user is successfully enticed to a malicious page.
Attack Chain
- Attacker hosts a malicious website: The attacker prepares a website containing JavaScript code designed to exploit the CORS misconfiguration in open-webui.
- Attacker lures an authenticated open-webui admin user: The attacker uses social engineering or other means to trick an administrator user of an open-webui instance into visiting the malicious website.
- Malicious JavaScript executes in the victim's browser: Upon visiting the attacker's site, the malicious JavaScript payload is executed within the context of the administrator's web browser.
- Cross-origin authenticated request initiated: The malicious JavaScript crafts and sends an authenticated
POSTrequest to the vulnerable[open-webui-host]/api/v1/functionsendpoint, leveraging the victim's active session cookies. - CORS misconfiguration bypasses security: Due to the
allow_origins=*setting on the open-webui server, the cross-origin request is allowed by the server and processed as if it originated from the legitimate open-webui domain, accepting the victim's authentication. - Remote code execution via
/api/v1/functions: The specific vulnerability within the/api/v1/functionsendpoint is triggered by parameters within the crafted request, leading to arbitrary code execution on the underlying open-webui server. - Attacker achieves objectives: With arbitrary code execution, the attacker can achieve various objectives, such as installing backdoors, exfiltrating data, or further compromising the system.
Impact
Successful exploitation of CVE-2026-56400 grants an attacker arbitrary code execution on the open-webui instance. This can lead to complete compromise of the open-webui application and potentially the underlying server, allowing for data exfiltration, unauthorized access, deployment of further malicious payloads, or denial of service. The impact extends to any data or services managed by the open-webui instance, posing a significant risk to the integrity and confidentiality of information processed by the system.
Recommendation
- Upgrade open-webui instances to version 0.3.14 or later immediately to patch CVE-2026-56400.
- Educate users, particularly administrators, about the risks of visiting untrusted websites and the importance of recognizing phishing attempts, which are part of the attack chain for CVE-2026-56400.
- Monitor webserver logs for unexpected
POSTrequests to the/api/v1/functionsendpoint originating from unusualRefererorOriginheaders (if your webserver logs capture these).