CVE-2026-34222 in Open WebUIinfo

Summary

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, there is a broken access control vulnerability in tool values. This issue has been patched in version 0.8.11.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Responsible

GitHub_M

Reservation

03/26/2026

Disclosure

04/01/2026

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
354738open-webui Open WebUI improper authorization285Not definedOfficial fixCVE-2026-34222

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!