CVE-2026-34222

CVSS v3.1

7.7

High

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, there is a broken access control vulnerability in tool values. This issue has been patched in version 0.8.11.

Fix

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285

Related Identifiers

CVE-2026-34222

Affected Products

Open-Webui

CVE-2026-34222

Weakness Enumeration

Related Identifiers

Affected Products

References · 3