Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler (signup_handler in auths.py, line 663) was explicitly patched to prevent this race with the comment "Insert with default role first to avoid TOCTOU race", but the LDAP and OAuth code paths were never updated with the same fix. This vulnerability is fixed in 0.9.0.
Published: 2026-05-15
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Open WebUI uses LDAP and OAuth for user authentication. Before version 0.9.0 the code that assigns the administrator role when the first account is created contains a TOCTOU flaw. An attacker can launch two concurrent first‑user requests, causing the system to treat both as the initial user and assign them the admin role. The vulnerability does not grant remote code execution, but it allows an attacker to create more than one privileged account, thereby escalating privilege and enabling further attacks on the platform.

Affected Systems

The affected product is Open WebUI, the open‑source self‑hosted AI platform. All installations prior to 0.9.0 that enable LDAP or OAuth authentication are affected. The fix was applied in the 0.9.0 release.

Risk and Exploitability

The CVSS score of 8.1 indicates a high severity. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is to trigger parallel first‑user authentication flows, which could be achieved by submitting concurrent requests from an internet‑connected or internal network. The race condition has a low barrier to exploitation once such access is possible, making the threat real but focused on environments where LDAP or OAuth is enabled for new users.

Generated by OpenCVE AI on May 15, 2026 at 21:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open WebUI to version 0.9.0 or newer where the race condition is fixed.
  • If an upgrade is not immediately possible, restrict LDAP and OAuth first‑user flows by disabling new user creation or requiring manual admin approval.
  • Deploy network controls to limit unauthenticated requests to LDAP/OAuth endpoints, such as firewall rules or IP whitelisting.

Generated by OpenCVE AI on May 15, 2026 at 21:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-h3ww-q6xx-w7x3 Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts
History

Fri, 15 May 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 15 May 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Open-webui
Open-webui open-webui
Vendors & Products Open-webui
Open-webui open-webui

Fri, 15 May 2026 19:30:00 +0000

Type Values Removed Values Added
Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler (signup_handler in auths.py, line 663) was explicitly patched to prevent this race with the comment "Insert with default role first to avoid TOCTOU race", but the LDAP and OAuth code paths were never updated with the same fix. This vulnerability is fixed in 0.9.0.
Title Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts
Weaknesses CWE-269
CWE-362
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Open-webui Open-webui
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T20:20:27.605Z

Reserved: 2026-05-12T21:59:25.666Z

Link: CVE-2026-45675

cve-icon Vulnrichment

Updated: 2026-05-15T20:20:23.584Z

cve-icon NVD

Status : Received

Published: 2026-05-15T20:16:49.220

Modified: 2026-05-15T21:16:38.647

Link: CVE-2026-45675

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T21:45:09Z

Weaknesses