CVE-2026-44552 open-webui CVE debrief

Who should care

Administrators and operators of Open WebUI, especially those using shared Redis across multiple instances for multi-region, blue-green, or clustered deployments. Security teams should also review environments where instance-to-instance isolation is expected.

Technical summary

The vulnerability is a cross-instance key collision in Redis caused by unprefixed tool_servers and terminal_servers entries in utils/tools.py. When multiple Open WebUI instances use the same Redis database, writes from one instance can replace data read by another. NVD lists the issue as CVSS 3.1 8.7 HIGH with vector AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N and identifies CWE-668. The vulnerable version range ends before 0.9.0.

Defensive priority

High. The issue can cross trust boundaries between separate Open WebUI instances that share Redis, and the impact includes confidentiality and integrity exposure across instances.

Recommended defensive actions

• Upgrade Open WebUI to version 0.9.0 or later.
• If immediate upgrading is not possible, stop sharing a Redis database between independent Open WebUI instances until all are patched.
• Review deployment topology to ensure instance-scoped data is isolated in Redis.
• Validate that any custom tooling or configuration management does not rely on shared Redis keys between instances.
• Monitor for unexpected changes in tool server configuration across Open WebUI instances.

Evidence notes

Based on the NVD record, the vulnerability is analyzed, affects cpe:2.3:a:openwebui:open_webui versions before 0.9.0, and references the GitHub Security Advisory GHSA-3x8w-4f7p-xxc2. The CVE description states that unprefixed Redis keys in utils/tools.py can collide when multiple Open WebUI instances share a Redis database, leading to cross-instance configuration overwrite. The CVSS vector provided by NVD is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N.

Official resources