Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/memories/ef is accessible without authentication and executes request.app.state.EMBEDDING_FUNCTION(...). This allows any unauthenticated caller to trigger embedding generation which can lead to direct cost exposure if a paid provider is used. This vulnerability is fixed in 0.8.0.
Published: 2026-05-15
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Open WebUI is a self-hosted artificial intelligence platform that can run entirely offline. Before version 0.8.0, the GET /api/v1/memories/ef endpoint is accessible without authentication and invokes the application's embedding function, allowing any unauthenticated caller to request embeddings. If those embeddings are generated by a paid provider, an attacker can trigger direct cost exposure and potentially exhaust the provider quota, producing a denial-of-service condition for the legitimate user base. This weakness is classified as Missing Authorization (CWE-862).

Affected Systems

The vulnerable product is open-webui:open-webui. All releases prior to 0.8.0 are affected; the issue was fixed in 0.8.0 and later versions. No other vendors or products are listed.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity. No EPSS value is available, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker only needs unauthenticated HTTP access to the vulnerable endpoint; no special privileges or network exploits are required. Consequently, any entity able to reach the service can initiate costly embedding calls, posing a financial risk and a potential denial-of-service vector if usage spikes.

Generated by OpenCVE AI on May 16, 2026 at 00:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open WebUI to version 0.8.0 or later, which removes the unauthenticated endpoint.
  • If an upgrade is not yet possible, restrict network reachability to the /api/v1/memories endpoint by using firewall rules or network ACLs so that only trusted hosts can call it.
  • Reconfigure the application to disable or limit embedding generation for unauthenticated users and monitor API usage for abnormal activity.
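The last recommendation above, monitoring API usage for abnormal activity, is the one a defender can act on before the upgrade lands. The following is an added example written for this page, not code from OpenCVE or from the Open WebUI project: it parses reverse-proxy access logs in the common combined format (an assumption about how the deployment is fronted), lists every hit on the unauthenticated GET /api/v1/memories/ef endpoint, and flags clients whose hit count within a sliding window exceeds a threshold. The log lines, client addresses, timestamps and the threshold of three requests per minute are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in nginx/Apache "combined" format, as a reverse proxy
# in front of Open WebUI would write them. Not real traffic: the addresses come
# from documentation ranges and the timestamps are made up for this example.
SAMPLE_LOG = """\
203.0.113.7 - - [15/May/2026:21:00:01 +0000] "GET /api/v1/memories/ef?text=hello HTTP/1.1" 200 512 "-" "curl/8.6.0"
203.0.113.7 - - [15/May/2026:21:00:02 +0000] "GET /api/v1/memories/ef?text=hello HTTP/1.1" 200 512 "-" "curl/8.6.0"
203.0.113.7 - - [15/May/2026:21:00:03 +0000] "GET /api/v1/memories/ef?text=hello HTTP/1.1" 200 512 "-" "curl/8.6.0"
198.51.100.4 - - [15/May/2026:21:00:05 +0000] "GET /api/v1/memories/ HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.4 - - [15/May/2026:21:10:00 +0000] "GET /api/v1/memories/ef?text=note HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client address, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Endpoint named in the advisory; reachable without authentication before 0.8.0.
VULN_PATH = "/api/v1/memories/ef"


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    # Drop the query string so /api/v1/memories/ef?text=... matches the path.
    path = m.group("path").split("?", 1)[0]
    return {
        "ip": m.group("ip"),
        "ts": ts,
        "method": m.group("method"),
        "path": path,
        "status": int(m.group("status")),
    }


def find_embedding_calls(log_text):
    """Every GET against the unauthenticated embedding endpoint.

    On a pre-0.8.0 instance each of these triggered an embedding call without any
    login, so the full list is worth reviewing, not only the bursts.
    """
    records = (parse_line(line) for line in log_text.splitlines())
    return [r for r in records if r and r["method"] == "GET" and r["path"] == VULN_PATH]


def burst_clients(events, threshold=3, window=timedelta(seconds=60)):
    """Map client address -> peak number of hits inside any `window`-long span,
    for clients that reached `threshold` or more. Threshold is an assumed value;
    tune it to the deployment's normal memory-feature usage."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e["ts"])
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until all hits fit inside `window`.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged


if __name__ == "__main__":
    calls = find_embedding_calls(SAMPLE_LOG)
    print(f"{len(calls)} unauthenticated embedding calls found")
    for ip, peak in burst_clients(calls).items():
        print(f"burst from {ip}: {peak} calls within 60s")
```

Feed it the proxy's real access log (for example by reading the file and passing its contents to `find_embedding_calls`) to get a list of every client that exercised the endpoint; the burst output is the signal that a paid embedding provider is being driven by an automated caller rather than by the memory feature's normal, occasional use.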

Generated by OpenCVE AI on May 16, 2026 at 00:20 UTC.

Advisories

Source: Github GHSA
ID: GHSA-m69w-p7m4-585j
Title: Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS)
History

Sat, 16 May 2026 00:15:00 +0000

First Time appeared
  Values added: Open-webui; Open-webui open-webui
Vendors & Products
  Values added: Open-webui; Open-webui open-webui

Fri, 15 May 2026 22:00:00 +0000

Description
  Values added: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/memories/ef is accessible without authentication and executes request.app.state.EMBEDDING_FUNCTION(...). This allows any unauthenticated caller to trigger embedding generation which can lead to direct cost exposure if a paid provider is used. This vulnerability is fixed in 0.8.0.
Title
  Values added: Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS)
Weaknesses
  Values added: CWE-862
References
Metrics
  Values added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T21:41:43.155Z

Reserved: 2026-05-12T21:59:25.666Z

Link: CVE-2026-45667

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-15T22:16:56.193

Modified: 2026-05-15T22:16:56.193

Link: CVE-2026-45667

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-16T00:30:11Z

Weaknesses