CVE-2026-44551

CVE-2026-44551 is a critical-severity improper authentication vulnerability in open-webui (pip), affecting versions <= 0.8.12. It is fixed in 0.9.0.

Summary

LDAP Empty Password Authentication Bypass

Affected Component

LDAP authentication endpoint:

  • backend/open_webui/routers/auths.py (lines 468-477, user bind with empty password)
  • backend/open_webui/models/auths.py (lines 58-60, LdapForm model)

Affected Versions

Current main branch (commit 6fdd19bf1) and likely all versions with LDAP authentication support.

Description

The LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. Per RFC 4513 Section 5.1.2, a Simple Bind with a valid DN and an empty password constitutes an "unauthenticated simple authentication"; many LDAP servers (including OpenLDAP in default configuration and some Active Directory setups) return success (resultCode 0) for this operation.

The LdapForm Pydantic model accepts password: str with no minimum length constraint, so an empty string passes validation. The subsequent Connection.bind() call succeeds on vulnerable LDAP servers, and the application issues a full session token for the target user.

# models/auths.py:58-60, no min_length on password
class LdapForm(BaseModel):
    user: str
    password: str

# auths.py:469-477, empty password reaches LDAP bind
connection_user = Connection(
    server,
    user_dn,
    form_data.password,    # can be ""
    auto_bind='NONE',
    authentication='SIMPLE',
)
if not await asyncio.to_thread(connection_user.bind):
    raise HTTPException(400, 'Authentication failed.')

# If bind succeeds (which it does with empty password on many servers),
# execution continues and a full session token is issued
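The following is an added example, not Open WebUI's code or a patch from the project: it shows the pre-bind check that is missing from the snippet above, and exercises it against a constructed in-memory stand-in for a directory that accepts unauthenticated simple binds (RFC 4513 Section 5.1.2 semantics). The `SimulatedLdapServer`, `LdapFormError`, `issue_token` and the two `ldap_login_*` functions are all assumptions of this example; the real application uses ldap3's `Connection.bind()` and Pydantic, neither of which is needed here. The point it makes is that the guard must sit in front of the bind, because the directory's success result for an empty password is not a proof of identity.

```python
"""Added example (not Open WebUI's code): empty-password guard for an LDAP
simple-bind login, with a regression check against a simulated server that
implements RFC 4513 s5.1.2 unauthenticated simple binds."""
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


class LdapFormError(ValueError):
    """Stands in for the Pydantic ValidationError a `min_length=1` constraint
    on `password` would raise (hypothetical helper)."""


@dataclass(frozen=True)
class LdapForm:
    user: str
    password: str

    def validated(self) -> "LdapForm":
        # The original model declares `password: str` with no constraint, so
        # "" passes. Reject empty and whitespace-only passwords before any
        # directory operation happens.
        if not self.user.strip():
            raise LdapFormError("user is required")
        if not self.password.strip():
            raise LdapFormError("password is required")
        return self


class SimulatedLdapServer:
    """Constructed stand-in for a directory that accepts unauthenticated simple
    binds: a known DN with an empty password returns success (resultCode 0),
    which is exactly the server behaviour the advisory relies on."""

    def __init__(self, credentials: Dict[str, str]) -> None:
        self._credentials = credentials  # dn -> password (constructed test data)

    def simple_bind(self, dn: str, password: str) -> bool:
        if dn not in self._credentials:
            return False  # invalidCredentials
        if password == "":
            return True  # unauthenticated bind: success without a credential
        return hmac.compare_digest(self._credentials[dn], password)


def issue_token(user: str) -> str:
    # Stands in for authenticate_user_by_email(); an opaque random token is
    # enough to observe whether a session would have been created.
    return f"{user}:{secrets.token_hex(8)}"


def bind_with_credentials(server: SimulatedLdapServer, dn: str, password: str) -> bool:
    # Defence in depth at the call site: never send an empty credential to
    # the directory, even if form validation is changed or bypassed later.
    if password == "":
        return False
    return server.simple_bind(dn, password)


def ldap_login_vulnerable(server: SimulatedLdapServer, dn_by_user: Dict[str, str],
                          form: LdapForm) -> Optional[str]:
    """Mirrors the <= 0.8.12 flow: the submitted password goes straight to bind."""
    user_dn = dn_by_user.get(form.user)
    if user_dn is None or not server.simple_bind(user_dn, form.password):
        return None
    return issue_token(form.user)


def ldap_login_hardened(server: SimulatedLdapServer, dn_by_user: Dict[str, str],
                        form: LdapForm) -> Optional[str]:
    """Same flow with the form validated first and the bind wrapper guarding
    the credential a second time."""
    form = form.validated()
    user_dn = dn_by_user.get(form.user)
    if user_dn is None or not bind_with_credentials(server, user_dn, form.password):
        return None
    return issue_token(form.user)


def demo() -> Dict[str, bool]:
    """Regression check: the vulnerable path issues a token for an empty
    password against the simulated server, the hardened path does not, and the
    hardened path still accepts the correct password and rejects a wrong one."""
    # Constructed directory contents and username-to-DN mapping.
    server = SimulatedLdapServer({"uid=admin,dc=example,dc=org": "correct horse"})
    dn_by_user = {"admin": "uid=admin,dc=example,dc=org"}

    def hardened_ok(form: LdapForm) -> bool:
        try:
            return ldap_login_hardened(server, dn_by_user, form) is not None
        except LdapFormError:
            return False

    empty = LdapForm(user="admin", password="")
    good = LdapForm(user="admin", password="correct horse")
    wrong = LdapForm(user="admin", password="wrong")
    return {
        "vulnerable_empty_password_logs_in": ldap_login_vulnerable(server, dn_by_user, empty) is not None,
        "hardened_empty_password_logs_in": hardened_ok(empty),
        "hardened_correct_password_logs_in": hardened_ok(good),
        "hardened_wrong_password_logs_in": hardened_ok(wrong),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The `validated()` method is where a `Field(min_length=1)` on the Pydantic model would act; `bind_with_credentials` repeats the check at the bind call site so that the fix does not depend on the model alone. A deployment can run the same kind of check against its real directory by replacing the simulated server with an ldap3 bind, which is the quickest way to confirm whether the server-side precondition (unauthenticated simple binds accepted) holds.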

CVSS 3.1 Breakdown

Metric, value and rationale:

  • Attack Vector: Network (N). Exploited remotely via the LDAP login endpoint.
  • Attack Complexity: Low (L). Single request with an empty password field.
  • Privileges Required: None (N). No prior authentication needed.
  • User Interaction: None (N). No victim interaction required.
  • Scope: Unchanged (U). Impact within the application's authentication boundary.
  • Confidentiality: High (H). Full access to the victim's account data, chats, files, API keys and settings.
  • Integrity: High (H). Can modify the victim's data and settings and send messages as the victim.
  • Availability: None (N). No direct denial of service.

Attack Scenario

  1. LDAP authentication is enabled on the Open WebUI instance.
  2. The underlying LDAP server accepts unauthenticated simple binds (OpenLDAP default, some AD configs).
  3. Attacker sends:
     POST /api/v1/auths/ldap
     {"user": "admin_username", "password": ""}
  4. The app DN bind succeeds normally (line 366), finds the target user via LDAP search.
  5. The user bind (line 469-477) sends a Simple Bind with the target's DN and an empty password.
  6. The LDAP server returns success for the unauthenticated bind.
  7. authenticate_user_by_email (line 507) issues a full session token for the target user.
  8. Attacker has complete access to the victim's account.

Preconditions

  • LDAP must be enabled (ENABLE_LDAP=True, disabled by default)
  • The LDAP server must accept unauthenticated simple binds with empty passwords (OpenLDAP default behavior, configurable on AD)
  • Attacker must know a valid LDAP username

Impact

  • Complete authentication bypass: any LDAP user account can be taken over without knowing the password
  • Includes admin accounts if they authenticate via LDAP
  • No rate limiting on the LDAP endpoint (unlike the password signin endpoint)
  • Zero interaction required from the victim

The application does not adequately verify the identity of a user, device, or process before granting access. Typical impact: unauthorized access to functions or data reserved for authenticated parties.

CVE-2026-44551 has a CVSS score of 9.1 (Critical). The vector is network-reachable, no privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (0.9.0); upgrading removes the vulnerable code path.

Affected versions

open-webui (<= 0.8.12)

Security releases

open-webui → 0.9.0 (pip)

Kodem intelligence

Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.

Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.


Remediation advice

Upgrade open-webui to 0.9.0 or later to resolve this vulnerability.

Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.

Frequently Asked Questions

  1. What is CVE-2026-44551? CVE-2026-44551 is a critical-severity improper authentication vulnerability in open-webui (pip), affecting versions <= 0.8.12. It is fixed in 0.9.0. The application does not adequately verify the identity of a user, device, or process before granting access.
  2. How severe is CVE-2026-44551? CVE-2026-44551 has a CVSS score of 9.1 (Critical). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
  3. Which versions of open-webui are affected by CVE-2026-44551? open-webui (pip) versions <= 0.8.12 are affected.
  4. Is there a fix for CVE-2026-44551? Yes. CVE-2026-44551 is fixed in 0.9.0. Upgrade to this version or later.
  5. Is CVE-2026-44551 exploitable, and should I be worried? Whether CVE-2026-44551 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk.
  6. What actually determines whether CVE-2026-44551 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
  7. How do I fix CVE-2026-44551? Upgrade open-webui to 0.9.0 or later.

Other vulnerabilities in open-webui

CVE-2026-54022, CVE-2026-54021, CVE-2026-54019, CVE-2026-54018, CVE-2026-54017
