Tag
Open WebUI LDAP Empty Password Authentication Bypass
2 rules 1 TTP
Open WebUI is vulnerable to an LDAP authentication bypass where the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server, potentially granting attackers complete account access.
Open WebUI Cross-Instance Cache Poisoning Vulnerability
2 rules 2 TTPs
Open WebUI versions up to 0.8.12 are vulnerable to cross-instance cache poisoning when multiple instances share a Redis backend, allowing an attacker with admin access on one instance to overwrite cache values used by other instances, leading to data exfiltration and prompt injection attacks.
Open WebUI Model Chaining Access Control Bypass
2 rules 2 TTPs
Open WebUI is vulnerable to an access control bypass due to improper model chaining, allowing a regular user to create a model that chains to a restricted base model and query it using the admin's API key, bypassing access restrictions.