PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45667 open-webui CVE debrief

Open WebUI versions prior to 0.8.0 expose an unauthenticated API endpoint (`GET /api/v1/memories/ef`) that triggers embedding generation through `request.app.state.EMBEDDING_FUNCTION(...)`. Any remote attacker can therefore invoke embedding operations without credentials; when the instance is configured with a paid embedding provider, every such request is billed to the operator. The root cause is a missing authorization check (CWE-862) in front of a resource-intensive operation. The issue was disclosed publicly on 2026-05-15 and last modified on 2026-05-19. No known exploitation in ransomware campaigns has been reported.

Vendor
open-webui
Product
Unknown
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-15
Original CVE updated
2026-05-19
Advisory published
2026-05-15
Advisory updated
2026-05-19

Who should care

Organizations running Open WebUI instances prior to 0.8.0, particularly those that use paid embedding providers or expose the instance to untrusted networks, including multi-tenant deployments where anonymous clients can reach the API. Security teams monitoring for API abuse and unexpected cloud service costs should prioritize this issue.

Technical summary

The `/api/v1/memories/ef` endpoint in Open WebUI prior to 0.8.0 lacks an authentication requirement, so an unauthenticated HTTP GET request is enough to trigger `EMBEDDING_FUNCTION` execution. This server-side function typically interfaces with an external embedding provider (e.g., OpenAI, Azure, or a self-hosted model with its own operational cost). Successful exploitation requires no user credentials or session tokens. The vulnerability is classified as CWE-862 (Missing Authorization) and carries a CVSS 3.1 base score of 6.5 (MEDIUM) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L: network accessible, low attack complexity, no privileges or user interaction required, with low integrity and availability impact through resource consumption. Note that the CVSS vector does not capture the direct financial impact of metered provider usage, which may be the dominant risk for affected deployments.
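The following is an added example, not Open WebUI code, that models the pattern the summary describes: a handler that calls the embedding function before any caller check, beside a hardened handler that requires a verified user first. It uses no web framework so it runs stand-alone; `verify_bearer`, `VALID_TOKENS` and `MeteredEmbedder` are hypothetical stand-ins for the session check and the paid provider, and the simulation drives both handlers with the same anonymous traffic to show where the cost lands.

```python
"""Missing-authorization pattern from the /api/v1/memories/ef report, modelled
without a framework. Added example, not Open WebUI code; verify_bearer,
VALID_TOKENS and MeteredEmbedder are hypothetical stand-ins."""
from dataclasses import dataclass, field
import hmac

# Constructed session tokens; a real deployment looks these up in its store.
VALID_TOKENS = {"s3ss10n-token-alice": "alice"}


class HTTPError(Exception):
    """Minimal stand-in for a framework HTTP error response."""
    def __init__(self, status: int, detail: str):
        super().__init__(detail)
        self.status = status
        self.detail = detail


@dataclass
class MeteredEmbedder:
    """Stand-in for a paid embedding provider: counts calls and tokens billed."""
    price_per_1k_tokens: float = 0.0001
    calls: int = 0
    tokens: int = 0

    def __call__(self, text: str) -> list:
        self.calls += 1
        self.tokens += max(1, len(text.split()))
        return [len(text) / 1000.0]  # placeholder vector, not a real embedding

    @property
    def cost_usd(self) -> float:
        return self.tokens / 1000 * self.price_per_1k_tokens


@dataclass
class Request:
    headers: dict = field(default_factory=dict)
    query: dict = field(default_factory=dict)


def verify_bearer(request: Request) -> str:
    """Hypothetical auth dependency (the role a FastAPI Depends(...) auth
    dependency plays): return the user or raise 401 before the handler runs."""
    scheme, _, token = request.headers.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        raise HTTPError(401, "Not authenticated")
    for known, user in VALID_TOKENS.items():
        if hmac.compare_digest(known.encode(), token.encode()):
            return user
    raise HTTPError(401, "Invalid token")


def query_memory_vulnerable(request: Request, embedder: MeteredEmbedder) -> dict:
    """GET /api/v1/memories/ef as described in the advisory: no caller check,
    so every anonymous request reaches the provider and is billed."""
    text = request.query.get("text", "")
    return {"result": embedder(text)}


def query_memory_hardened(request: Request, embedder: MeteredEmbedder) -> dict:
    """Same route with the authorization check before any provider call."""
    user = verify_bearer(request)  # raises 401 before the embedder is touched
    text = request.query.get("text", "")
    return {"user": user, "result": embedder(text)}


def simulate(handler, anonymous_requests: int = 50) -> dict:
    """Drive a handler with N anonymous requests plus one authenticated one;
    report provider calls, accrued cost and the HTTP statuses observed."""
    embedder = MeteredEmbedder()
    statuses = {}
    payload = "lorem " * 200  # constructed 200-token query
    anon = Request(query={"text": payload})
    authed = Request(headers={"authorization": "Bearer s3ss10n-token-alice"},
                     query={"text": payload})
    for req in [anon] * anonymous_requests + [authed]:
        try:
            handler(req, embedder)
            statuses[200] = statuses.get(200, 0) + 1
        except HTTPError as e:
            statuses[e.status] = statuses.get(e.status, 0) + 1
    return {"calls": embedder.calls, "cost_usd": round(embedder.cost_usd, 6),
            "statuses": statuses}


if __name__ == "__main__":
    print("vulnerable:", simulate(query_memory_vulnerable))
    print("hardened:  ", simulate(query_memory_hardened))
```

With the same 51 requests, the vulnerable handler makes 51 provider calls (all billed, 50 of them anonymous) while the hardened handler makes exactly one and returns 401 for the rest. The point of the ordering in `query_memory_hardened` is that the check runs before the request body is even read, so a rejected request can never incur provider cost.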

Defensive priority

medium

Recommended defensive actions

  • Upgrade Open WebUI to version 0.8.0 or later to remediate this vulnerability.
  • Review API access logs for unexpected `GET /api/v1/memories/ef` requests, particularly from external IP addresses, from clients that never established a session, or in bursts that do not match normal interactive use; most reverse-proxy logs do not record whether a request carried credentials, so source and volume are the practical signals.
  • If immediate patching is not feasible, restrict access to the Open WebUI instance with network-level controls (e.g., IP allowlisting, VPN requirements), or block the `/api/v1/memories/ef` path at a reverse proxy in front of the application until the upgrade is complete.
  • Audit embedding provider billing and usage dashboards for anomalous consumption patterns that may indicate exploitation.
  • Verify that authentication middleware is applied consistently across all API endpoints, especially those invoking external services with cost implications.
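As an added example (not a PatchSiren or Open WebUI tool) of the log review recommended above, the script below triages combined-format reverse-proxy access logs for hits on the endpoint, marks sources outside an assumed internal allowlist (RFC 1918 plus loopback), and flags bursts. The log lines are constructed; the endpoint path, the allowlist ranges and the burst threshold are the only assumptions.

```python
"""Triage reverse-proxy access logs for hits on GET /api/v1/memories/ef.
Added example, not a PatchSiren or Open WebUI tool. Assumes combined log
format and that RFC 1918 / loopback sources are the trusted user population;
the sample log is constructed."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

TARGET = re.compile(r"^GET /api/v1/memories/ef(?:\?| |$)")
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample: one legitimate internal user, one scripted external
# burst, one single external probe, and unrelated requests to other paths.
SAMPLE_LOG = """\
10.0.3.7 - - [16/May/2026:09:12:01 +0000] "GET /api/v1/memories/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.3.7 - - [16/May/2026:09:12:05 +0000] "GET /api/v1/memories/ef?text=meeting+notes HTTP/1.1" 200 118 "-" "Mozilla/5.0"
203.0.113.42 - - [16/May/2026:09:13:10 +0000] "GET /api/v1/memories/ef?text=aaaa HTTP/1.1" 200 118 "-" "python-requests/2.31"
203.0.113.42 - - [16/May/2026:09:13:10 +0000] "GET /api/v1/memories/ef?text=aaaa HTTP/1.1" 200 118 "-" "python-requests/2.31"
203.0.113.42 - - [16/May/2026:09:13:11 +0000] "GET /api/v1/memories/ef?text=aaaa HTTP/1.1" 200 118 "-" "python-requests/2.31"
198.51.100.9 - - [16/May/2026:09:14:00 +0000] "GET /api/v1/memories/ef HTTP/1.1" 200 118 "-" "curl/8.5.0"
198.51.100.9 - - [16/May/2026:09:14:02 +0000] "GET /api/v1/auths/ HTTP/1.1" 401 0 "-" "curl/8.5.0"
"""


def is_external(ip: str) -> bool:
    """True when the source is outside the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL)


def triage(log_text: str, burst_threshold: int = 3, window_s: int = 60) -> dict:
    """Per-source hit count on the endpoint, whether the source is external,
    and whether it made burst_threshold hits within any window_s seconds."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not TARGET.match(m["req"]):
            continue
        hits[m["ip"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    report = {}
    for ip, times in hits.items():
        times.sort()
        burst = any(
            (times[i + burst_threshold - 1] - times[i]).total_seconds() <= window_s
            for i in range(len(times) - burst_threshold + 1)
        )
        report[ip] = {"hits": len(times), "external": is_external(ip), "burst": burst}
    return report


def suspicious(log_text: str) -> list:
    """Sources worth investigating: external, or bursting, or both."""
    return sorted(ip for ip, r in triage(log_text).items()
                  if r["external"] or r["burst"])


if __name__ == "__main__":
    for ip, r in triage(SAMPLE_LOG).items():
        print(f"{ip:>15}  hits={r['hits']}  external={r['external']}  burst={r['burst']}")
    print("investigate:", suspicious(SAMPLE_LOG))
```

Because the response is a 200 in every case (the endpoint does not reject anyone), status codes are useless as a signal here; the scripted client from 203.0.113.42 stands out only by source and rate, and the single external probe from 198.51.100.9 by source alone. Correlate flagged sources against the embedding provider's usage dashboard for the same time window.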

Evidence notes

CVE published 2026-05-15; modified 2026-05-19. Vendor advisory confirms authentication bypass on embedding function endpoint. CVSS 6.5 (MEDIUM) per NVD. CPE indicates affected versions: openwebui:open_webui versions prior to 0.8.0.
