Cyber Resilience

CVE-2024-7806

HighPublic PoC

Published: 20 March 2025

Published
20 March 2025
Modified
26 March 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0088 75.7th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-7806 is a high-severity CSRF (CWE-352) vulnerability in Openwebui Open Webui. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 24.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-7806 is a Cross-Site Request Forgery (CSRF) vulnerability, classified under CWE-352, affecting open-webui/open-webui versions up to and including 0.3.8. The issue stems from the application's use of authentication cookies with the SameSite attribute set to Lax, combined with the absence of CSRF tokens. This flaw enables remote code execution (RCE) when exploited, as demonstrated by its CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity with network accessibility, low attack complexity, no required privileges, and user interaction needed for high impacts across confidentiality, integrity, and availability.

An attacker can exploit this vulnerability without authentication by crafting a malicious HTML page. When a victim user—potentially a non-admin—visits the attacker's page (for example, via a phishing link or malicious website), the browser automatically sends a CSRF request using the victim's session cookies. This request modifies the Python code of an existing pipeline within the application, allowing the execution of arbitrary code under the victim's privileges.

For mitigation details, refer to the primary advisory on the Huntr bounty page at https://huntr.com/bounties/9350a68d-5f33-4b3d-988b-81e778160ab8, which reported the issue. Security practitioners should upgrade to a patched version beyond 0.3.8 if available and implement CSRF protections such as tokens or stricter SameSite cookie policies in similar applications.

EU & UK References

Vulnerability details

A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery (CSRF). The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker…

more

to craft a malicious HTML that, when accessed by a victim, can modify the Python code of an existing pipeline and execute arbitrary code with the victim's privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.006 Python Execution
Adversaries may abuse Python commands and scripts for execution.
Why these techniques?

CVE-2024-7806 is a CSRF vulnerability in a public-facing web application (T1190) that enables attackers to trick authenticated users into modifying Python pipeline code for arbitrary remote code execution via Python interpreter (T1059.006).

CVEs Like This One

CVE-2026-45672Same product: Openwebui Open Webui
CVE-2024-7959Same product: Openwebui Open Webui
CVE-2024-7034Same product: Openwebui Open Webui
CVE-2024-8053Same product: Openwebui Open Webui
CVE-2026-45395Same product: Openwebui Open Webui
CVE-2024-7044Same product: Openwebui Open Webui
CVE-2026-45350Same product: Openwebui Open Webui
CVE-2026-34222Same product: Openwebui Open Webui
CVE-2024-7043Same product: Openwebui Open Webui
CVE-2026-44567Same product: Openwebui Open Webui

Affected Assets

openwebui
open webui
≤ 0.3.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Protects session authenticity against CSRF attacks by requiring mechanisms like tokens or strict cookie policies to validate cross-site requests.

prevent

Mandates validation of information inputs, including CSRF tokens, to block forged requests that modify application pipelines.

prevent

Enforces secure configuration settings for authentication cookies, such as SameSite=Strict, to limit automatic inclusion in cross-site requests.

References