Tag

Time-of-Check-Time-of-Use

1 brief RSS

Open WebUI LDAP/OAuth Race Condition Allows Multiple Admin Accounts (CVE-2026-45675)

Open WebUI versions 0.8.12 and earlier are vulnerable to a time-of-check-time-of-use (TOCTOU) race condition in the LDAP and OAuth authentication flows, allowing multiple concurrent requests on a fresh instance to bypass the first-user admin role assignment and resulting in multiple admin accounts (CVE-2026-45675).

open-webui privilege-escalation time-of-check-time-of-use race-condition cve-2026-45675 cloud

2r 1t 49m ago