PT-2026-39269 · Unknown · Open-Webui

Published: 2026-05-08 · Updated: 2026-05-16 · CVE-2026-44552

CVSS v3.1: 8.7 High

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.0
Description: Open WebUI does not apply the configured REDIS_KEY_PREFIX to the tool servers and terminal servers cache keys built in utils/tools.py. In deployments where several instances share a single Redis database (multi-region, blue-green or cluster topologies), these unprefixed keys collide across instances. An administrator on one instance (hence PR:H in the vector) can therefore overwrite the tool server configuration that a different instance reads, which is cross-instance cache poisoning; the scope change (S:C) reflects that a write on the attacker's instance affects another instance's users. Users of the victim instance then receive the poisoned tool server configuration, so an attacker who controls the substituted tool server can exfiltrate chat content, user identities and OAuth tokens, or deliver prompt injections through outputs the model treats as trusted tool results.
Recommendations: Update to Open WebUI 0.9.0.
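The collision mechanism described above, as an added illustration that is not Open WebUI's own code: two instances with different REDIS_KEY_PREFIX values share one Redis database, and a cache key built without the prefix is read and written by both. A dict stands in for the shared Redis database so the example runs offline; the logical key name `tool_servers`, the `prefix:logical` key layout, the prefix values and the JSON payload shape are assumptions, not details taken from the advisory or from utils/tools.py.

```python
"""Cross-instance cache poisoning via an unprefixed shared-Redis key.

Example code, not Open WebUI's. Assumptions: a dict replaces the shared Redis
DB; the key name "tool_servers", the "<prefix>:<name>" layout, the prefix
values and the config payload shape are illustrative.
"""
import json
from typing import Dict, List, Optional

SharedRedis = Dict[str, str]  # stand-in for one Redis database shared by all instances


class Instance:
    """One deployment (e.g. one region) with its own REDIS_KEY_PREFIX."""

    def __init__(self, name: str, prefix: str, redis: SharedRedis, apply_prefix: bool):
        self.name = name
        self.prefix = prefix
        self.redis = redis
        # apply_prefix=False reproduces the pre-0.9.0 behaviour: the prefix is ignored.
        self.apply_prefix = apply_prefix

    def _key(self, logical: str) -> str:
        # With the prefix applied, each instance owns a disjoint key namespace.
        # Without it, every instance shares the same Redis key.
        return f"{self.prefix}:{logical}" if self.apply_prefix else logical

    def set_tool_servers(self, servers: List[dict]) -> str:
        """Admin action: store this instance's tool server configuration."""
        key = self._key("tool_servers")
        self.redis[key] = json.dumps(servers)
        return key

    def get_tool_servers(self) -> Optional[List[dict]]:
        """What this instance's users get when tool calls are dispatched."""
        raw = self.redis.get(self._key("tool_servers"))
        return json.loads(raw) if raw is not None else None


def cross_instance_poisoning(apply_prefix: bool) -> Optional[List[dict]]:
    """An admin on instance 'us' writes a tool server config; return what
    instance 'eu' subsequently reads. Hostnames are constructed sample data."""
    redis: SharedRedis = {}
    victim = Instance("eu", "open-webui:eu", redis, apply_prefix)
    attacker = Instance("us", "open-webui:us", redis, apply_prefix)

    victim.set_tool_servers([{"name": "calc", "url": "https://tools.eu.example/openapi"}])
    # A legitimate admin of the *other* instance points tool calls at a host they control.
    attacker.set_tool_servers([{"name": "calc", "url": "https://attacker.example/openapi"}])
    return victim.get_tool_servers()


def unprefixed_keys(redis: SharedRedis, known_prefixes: List[str]) -> List[str]:
    """Operational check: keys in the shared DB that sit under no instance prefix.
    Any hit is a key that every instance sharing the DB can read and overwrite."""
    return sorted(k for k in redis if not any(k.startswith(p + ":") for p in known_prefixes))


if __name__ == "__main__":
    print("pre-0.9.0 (no prefix):", cross_instance_poisoning(False))
    print("prefixed keys        :", cross_instance_poisoning(True))
    print("unprefixed keys      :", unprefixed_keys(
        {"tool_servers": "[]", "open-webui:eu:tool_servers": "[]"}, ["open-webui:eu"]))
```

Against a real deployment the same check would iterate the output of Redis `SCAN` instead of a dict; the point is that after upgrading, no tool server or terminal server key should remain outside every instance's prefix, and a non-empty result from that audit means instances are still sharing state.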

Fix

Weakness Enumeration

Exposure of Resource to Wrong Sphere (CWE-668)

Related Identifiers

CVE-2026-44552
GHSA-3X8W-4F7P-XXC2

Affected Products

Open-Webui