{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34222", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-26T15:57:52.324Z", "datePublished": "2026-04-01T17:02:21.846Z", "dateUpdated": "2026-04-04T03:03:42.269Z"}, "containers": {"cna": {"title": "Open WebUI has Broken Access Control in Tool Valves", "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "lang": "en", "description": "CWE-285: Improper Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/open-webui/open-webui/security/advisories/GHSA-7429-hxcv-268m", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-7429-hxcv-268m"}, {"name": "https://github.com/open-webui/open-webui/releases/tag/v0.8.11", "tags": ["x_refsource_MISC"], "url": "https://github.com/open-webui/open-webui/releases/tag/v0.8.11"}], "affected": [{"vendor": "open-webui", "product": "open-webui", "versions": [{"version": "< 0.8.11", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-01T17:02:21.846Z"}, "descriptions": [{"lang": "en", "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, there is a broken access control vulnerability in tool values. This issue has been patched in version 0.8.11."}], "source": {"advisory": "GHSA-7429-hxcv-268m", "discovery": "UNKNOWN"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2026/Apr/4"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-03T05:33:11.349Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-04T03:03:22.905022Z", "id": "CVE-2026-34222", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-04T03:03:42.269Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2026/Apr/4"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-03T05:33:11.349Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34222", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-04T03:03:22.905022Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-04T03:03:39.054Z"}}], "cna": {"title": "Open WebUI has Broken Access Control in Tool Valves", "source": {"advisory": "GHSA-7429-hxcv-268m", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "open-webui", "product": "open-webui", "versions": [{"status": "affected", "version": "< 0.8.11"}]}], "references": [{"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-7429-hxcv-268m", "name": "https://github.com/open-webui/open-webui/security/advisories/GHSA-7429-hxcv-268m", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/open-webui/open-webui/releases/tag/v0.8.11", "name": "https://github.com/open-webui/open-webui/releases/tag/v0.8.11", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, there is a broken access control vulnerability in tool values. This issue has been patched in version 0.8.11."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "CWE-285: Improper Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-01T17:02:21.846Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34222", "state": "PUBLISHED", "dateUpdated": "2026-04-04T03:03:42.269Z", "dateReserved": "2026-03-26T15:57:52.324Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-01T17:02:21.846Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, there is a broken access control vulnerability in tool values. This issue has been patched in version 0.8.11."}], "id": "CVE-2026-34222", "lastModified": "2026-04-03T16:10:52.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-01T18:16:29.850", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/open-webui/open-webui/releases/tag/v0.8.11"}, {"source": "security-advisories@github.com", "url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-7429-hxcv-268m"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2026/Apr/4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.8.11)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "open-webui", "source": "cna", "vendor": "open-webui"}, "product": "open-webui", "vendor": "open-webui"}], "analysis": {"en": {"generated_at": "2026-04-02T04:34:40.684693+00:00", "value": {"mitigation_remediation": ["Upgrade Open WebUI to version 0.8.11 or later.", "Verify that tool value access now requires proper authentication by testing the relevant API endpoints.", "Ensure all production instances have been updated and monitor for any rollback attempts."], "summary": {"action": "Patch Now", "impact": "Unauthorized access to tool values"}, "threat_synthesis": {"affected_systems": "All deployments of Open WebUI running a version older than 0.8.11 are affected. The vulnerability applies to the open-webui:open-webui product across all operating systems where the platform is installed.", "description_and_impact": "Open WebUI, a self\u2011hosted AI platform, has a broken access control flaw in the handling of tool values in versions prior to 0.8.11. The weakness, identified as CWE\u2011285, allows an attacker to read or modify tool configurations without proper authentication, potentially enabling privilege escalation or malicious code execution if the tools perform privileged operations.", "risk_and_exploitability": "The CVSS score of 7.7 classifies this issue as high severity. EPSS data is unavailable, and the vulnerability is not listed in the CISA KEV catalog, indicating no publicly known exploits yet. The attack vector is inferred to be remote, exploiting exposed API endpoints that manage tool values, and does not require elevated credentials because of the broken access control."}}}}, "created": "2026-04-02T07:48:13.047659+00:00", "updated": "2026-04-02T20:17:09.677606+00:00", "vendors": ["open-webui", "open-webui$PRODUCT$open-webui"]}