Summary
The LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler (signup_handler in auths.py, line 663) was explicitly patched to prevent this race with the comment "Insert with default role first to avoid TOCTOU race", but the LDAP and OAuth code paths were never updated with the same fix.
Vulnerable Code
LDAP (auths.py, lines 479-490)
# Line 482 - CHECK: is the user table empty?
role = 'admin' if not Users.has_users(db=db) else request.app.state.config.DEFAULT_USER_ROLE
# Lines 484-490 - USE: create user with the role determined above
user = Auths.insert_new_auth(
email=email,
password=str(uuid.uuid4()),
name=cn,
role=role, # <-- role was determined BEFORE insert, race window exists
db=db,
)
OAuth (oauth.py, lines 1103-1112, 1566-1574)
# Line 1104 - CHECK: count users
def get_user_role(self, user, user_data):
user_count = Users.get_num_users()
if not user and user_count == 0:
return 'admin' # Line 1112
# Lines 1566-1574 - USE: create user with pre-determined role
user = Auths.insert_new_auth(
...
role=self.get_user_role(None, user_data), # Line 1571
...
)
Both paths determine the role BEFORE inserting the user, creating a race window where multiple concurrent requests on a fresh instance can all observe an empty database and all receive the admin role.
Comparison with Patched Signup
The signup_handler (auths.py, line 663) was explicitly fixed:
# Insert with default role first to avoid TOCTOU race
user = Auths.insert_new_auth(..., role=DEFAULT_USER_ROLE, ...)
# Then check if this is the only user and upgrade
if Users.get_num_users() == 1:
Users.update_user_role_by_id(user.id, 'admin')
The LDAP and OAuth paths did NOT receive this fix.
Exploitation
- Deploy Open WebUI with LDAP or OAuth enabled on a fresh instance (no existing users)
- Send multiple concurrent authentication requests from different users
- Multiple requests pass the
has_users()/get_num_users() == 0check simultaneously - All concurrent users become administrators
DATABASE_ENABLE_SESSION_SHARING defaults to False (env.py:387), so each call uses its own database session, widening the race window.
Resolution
Fixed in PR #23626 (commit 96a0b3239), first released in v0.9.0 (Apr 2026). Both LDAP (routers/auths.py) and OAuth (utils/oauth.py) registration paths now use the same insert-first-check-after pattern that signup_handler already had:
- Insert the new user with
DEFAULT_USER_ROLEunconditionally, no pre-insert role decision based on user count. - After the insert commits, atomically call
Users.get_num_users() == 1to check whether this is the sole user. - Only the sole user gets promoted to
adminviaUsers.update_user_role_by_id.
OAuthManager.get_user_role was also updated to return DEFAULT_USER_ROLE (not admin) for first-user bootstrap; admin promotion is deferred to the post-insert check above. With this ordering, two concurrent first-user registrations that both observe an empty table can both insert, but only one will see get_num_users() == 1 afterward, the other will see == 2 and not be promoted.
Users on >= 0.9.0 are not affected.
Impact
Any LDAP/OAuth user who times their first login concurrently with the legitimate first admin can escalate to full admin privileges, gaining access to all user data, system configuration, API keys, and connected LLM backends.
The application assigns, modifies, tracks, or checks privileges incorrectly, allowing a user to gain elevated access. Typical impact: privilege escalation beyond the intended level.
CVE-2026-45675 has a CVSS score of 8.1 (High). The vector is network-reachable, no privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (0.9.0); upgrading removes the vulnerable code path.
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Remediation advice
Apply the same insert-then-check pattern used in signup_handler: insert the user with DEFAULT_USER_ROLE first, then atomically check if this is the only user and upgrade to admin only if so.
Frequently Asked Questions
- What is CVE-2026-45675? CVE-2026-45675 is a high-severity improper privilege management vulnerability in open-webui (pip), affecting versions <= 0.8.12. It is fixed in 0.9.0. The application assigns, modifies, tracks, or checks privileges incorrectly, allowing a user to gain elevated access.
- How severe is CVE-2026-45675? CVE-2026-45675 has a CVSS score of 8.1 (High). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which versions of open-webui are affected by CVE-2026-45675? open-webui (pip) versions <= 0.8.12 is affected.
- Is there a fix for CVE-2026-45675? Yes. CVE-2026-45675 is fixed in 0.9.0. Upgrade to this version or later.
- Is CVE-2026-45675 exploitable, and should I be worried? Whether CVE-2026-45675 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
- What actually determines whether CVE-2026-45675 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix CVE-2026-45675? Upgrade
open-webuito 0.9.0 or later.