CVE-2026-34222
Published: 01 April 2026
Summary
CVE-2026-34222 is a high-severity Improper Authorization (CWE-285) vulnerability in Open WebUI (vendor: Openwebui). Its CVSS v3.1 base score is 7.7 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE sits at the 4.1 percentile for exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced. A low likelihood ranking and a public proof-of-concept are not contradictory: the ranking estimates in-the-wild exploitation activity, not how easy the flaw is to trigger, so an exposed instance with self-service or loosely managed accounts should still be treated as at risk.
This vulnerability is AI-related: the product is categorised as an LLM Application Platform, and the risk domain is "Other ATLAS/OWASP Terms" (no OWASP Top 10 for LLMs 2025 entry is mapped).
The strongest mitigations identified by the analysis are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation): enforce object-level authorization in the application, and upgrade to the fixed release.
Deeper analysis
CVE-2026-34222 is a broken access control vulnerability (CWE-285) in the handling of tool values in Open WebUI, a self-hosted artificial intelligence platform designed to operate entirely offline. It affects versions prior to 0.8.11 and carries a CVSS v3.1 base score of 7.7 (vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).
Per that vector, the flaw is exploitable over the network by an attacker holding low privileges (an ordinary authenticated account), with low attack complexity and no user interaction. The scope is changed and the confidentiality impact is high: a successful attacker reads data they were not authorized to access, while integrity and availability are not affected.
The issue is fixed in Open WebUI 0.8.11; upgrade to that version or later. Until the upgrade is applied, remember that the only precondition is a low-privileged login, so restricting who can register or hold accounts on exposed instances reduces the attacker population. Details are provided in the GitHub release notes (https://github.com/open-webui/open-webui/releases/tag/v0.8.11), the GitHub security advisory (https://github.com/open-webui/open-webui/security/advisories/GHSA-7429-hxcv-268m), and a Full Disclosure mailing list post (http://seclists.org/fulldisclosure/2026/Apr/4).
Because Open WebUI is typically chosen as a self-hosted, offline AI platform precisely to keep sensitive data inside an organisation's own environment, this vulnerability matters to those deployments: the isolation from the outside world does not help when one authenticated user can reach data they were not authorized to see from inside it.
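For the flaw-remediation step above (SI-2), the following added example, which is not Open WebUI project code, triages a constructed inventory of instances by version string. It treats anything below 0.8.11 as affected, as the advisory states, and handles the practical edge cases: a leading "v" (as in the release tag) and pre-release suffixes, so that "0.8.11-rc1" is still counted as affected because it predates the fixed release. The host names and versions are invented; how the version string is collected (image tag, UI footer, package metadata) is deployment-specific and left out.

```python
"""Version triage for CVE-2026-34222 (added example, not project code).

Marks each Open WebUI instance in a constructed inventory as affected when
its version is older than 0.8.11, the first fixed release per the advisory.
"""
import re
from typing import Dict, List, Tuple

FIXED_VERSION = "0.8.11"  # first fixed release named in the advisory

# Accepts "v0.8.10", "0.8.11", "0.8.11-rc1"; rejects anything else.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?$")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Return a comparable tuple (major, minor, patch, release_flag).

    release_flag is 0 for a pre-release and 1 for a final release, so that
    '0.8.11-rc1' sorts before '0.8.11' and is therefore still affected.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch), 0 if pre else 1)


def is_affected(version_text: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the instance runs a version older than the fixed release."""
    return parse_version(version_text) < parse_version(fixed)


def hosts_needing_patch(inventory: Dict[str, str]) -> List[str]:
    """Sorted names of inventory entries (host -> version) that still need the upgrade."""
    return sorted(host for host, version in inventory.items() if is_affected(version))


# Constructed inventory: these hosts and versions are invented for the example.
SAMPLE_INVENTORY = {
    "ai-lab-01": "v0.8.10",
    "ai-lab-02": "0.8.11",
    "ai-lab-03": "0.8.11-rc1",
    "ai-lab-04": "0.8.12",
    "ai-lab-05": "0.7.9",
}

if __name__ == "__main__":
    for host in hosts_needing_patch(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is affected, upgrade to {FIXED_VERSION}")
```

The conservative choice of counting a pre-release of the fixed version as affected is deliberate: a release candidate cut before the fix landed would otherwise be reported as safe.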
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-17977
Vulnerability details
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, there is a broken access control vulnerability in tool values. This issue has been patched in version 0.8.11.
- CWE(s): CWE-285 (Improper Authorization)
AI Security Analysis
- AI Category: LLM Application Platforms
- Risk Domain: Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: artificial intelligence, open webui
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Open WebUI is a network-accessible web application, so the broken access control is reached by exploiting a public-facing application (T1190): an attacker with a low-privileged account sends requests that the server fails to authorize and obtains sensitive data it should not have returned.
Affected Assets
- Open WebUI, versions prior to 0.8.11 (fixed in 0.8.11)
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): enforces approved authorizations for logical access to information and system resources. This is the direct fix for the broken access control in Open WebUI tool values: every read of a tool's values must be checked against the caller's identity and role before data is returned, rather than trusting that an authenticated user is also an authorized one.
- SI-2 (Flaw Remediation): requires timely identification, reporting, and correction of system flaws such as CVE-2026-34222; here that means upgrading affected instances to version 0.8.11.
- AC-6 (Least Privilege): restricts users and processes to only the accesses they need, which limits how much sensitive data a low-privileged account can reach even when an authorization check is missing.
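To make the AC-3 and AC-6 points concrete, here is an added example in the style of a Python backend handler. It is not Open WebUI's code and does not describe how CVE-2026-34222 was introduced or fixed; the data model, the user roles ("user" and "admin"), the function names and the sample records are all assumed for illustration. It contrasts a handler that returns a record for any client-supplied identifier once the caller is merely logged in (the CWE-285 pattern) with one that enforces ownership, lets only an admin role bypass it, and deliberately does not distinguish "missing" from "not yours" in its error.

```python
"""Object-level authorization for a per-user 'tool values' store.

Added example, not Open WebUI project code. Roles, record layout, function
names and sample data are assumptions made for the illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict


class Forbidden(Exception):
    """Raised when the caller is not authorized for the requested object."""


@dataclass(frozen=True)
class User:
    id: str
    role: str  # assumed role names: "user" or "admin"


@dataclass
class ToolValues:
    tool_id: str
    owner_id: str
    values: Dict[str, str] = field(default_factory=dict)  # may hold secrets


# Constructed sample store: two users, each owning one tool with a secret value.
STORE: Dict[str, ToolValues] = {
    "tool-a": ToolValues("tool-a", owner_id="alice", values={"api_key": "sk-alice-0001"}),
    "tool-b": ToolValues("tool-b", owner_id="bob", values={"api_key": "sk-bob-0002"}),
}


def get_tool_values_vulnerable(caller: User, tool_id: str) -> Dict[str, str]:
    """Authenticated but unauthorized (CWE-285 pattern).

    The caller is known to be logged in, but nothing ties the requested
    tool_id to that caller, so any low-privileged account can read any record.
    """
    return STORE[tool_id].values


def get_tool_values_hardened(caller: User, tool_id: str) -> Dict[str, str]:
    """AC-3: authorize against the object, not just the session.

    Ownership is enforced for ordinary users; only the admin role bypasses it
    (AC-6). Missing and foreign records produce the same error so that an
    attacker cannot enumerate which tool identifiers exist.
    """
    record = STORE.get(tool_id)
    if record is None or (caller.role != "admin" and record.owner_id != caller.id):
        raise Forbidden("not found or not authorized")
    return record.values


Handler = Callable[[User, str], Dict[str, str]]


def can_read(handler: Handler, caller: User, tool_id: str) -> bool:
    """True if the handler hands back data, False if it refuses or the id is unknown."""
    try:
        handler(caller, tool_id)
        return True
    except (Forbidden, KeyError):
        return False


if __name__ == "__main__":
    bob = User("bob", "user")
    print("vulnerable handler lets bob read alice's tool:",
          can_read(get_tool_values_vulnerable, bob, "tool-a"))
    print("hardened handler lets bob read alice's tool:",
          can_read(get_tool_values_hardened, bob, "tool-a"))
```

The check belongs in the handler (or a shared dependency every handler goes through), keyed on the resolved record's owner, not on anything the client sends; a role-only check would still let every ordinary user read every other user's values.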