
CVE-2026-34222

Severity: High · Public PoC

Published: 01 April 2026
Modified: 15 April 2026
KEV Added: not listed
Patch: version 0.8.11
CVSS Score v3.1: 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
EPSS Score: 0.0002 (4.1th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-34222 is a high-severity Improper Authorization (CWE-285) vulnerability in Open WebUI (vendor: openwebui). Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 4.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related: it is categorised under LLM Application Platforms, in the Other ATLAS/OWASP Terms risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-34222 is a broken access control vulnerability (CWE-285) in tool values affecting Open WebUI, a self-hosted artificial intelligence platform designed to operate entirely offline. The issue impacts versions prior to 0.8.11 and has a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

The vulnerability can be exploited remotely over the network by an attacker holding a low-privileged account, with low attack complexity and no user interaction. Successful exploitation results in a changed scope (the impact extends beyond the vulnerable component itself) with high confidentiality impact, enabling unauthorized access to sensitive data; integrity and availability are not affected.

The issue has been addressed in Open WebUI version 0.8.11. Security practitioners should upgrade to this version for mitigation. Relevant details are provided in the GitHub release notes (https://github.com/open-webui/open-webui/releases/tag/v0.8.11), the GitHub security advisory (https://github.com/open-webui/open-webui/security/advisories/GHSA-7429-hxcv-268m), and a Full Disclosure mailing list post (http://seclists.org/fulldisclosure/2026/Apr/4).

Because Open WebUI is a self-hosted AI platform, this vulnerability is relevant to organizations deploying offline AI/ML tools, particularly those handling sensitive data in isolated or restricted environments.

Vulnerability details

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, there is a broken access control vulnerability in tool values. This issue has been patched in version 0.8.11.

CWE(s)

CWE-285 Improper Authorization

AI Security Analysis

AI Category: LLM Application Platforms
Risk Domain: Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: matched keywords "artificial intelligence", "open webui"

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The broken access control vulnerability in the network-accessible Open WebUI web application directly enables remote exploitation of a public-facing application (T1190): a low-privileged account is sufficient to reach the flaw, and the result is unauthorized exposure of sensitive data.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-44567 (same product: Openwebui Open Webui)
CVE-2026-44551 (same product: Openwebui Open Webui)
CVE-2026-45400 (same product: Openwebui Open Webui)
CVE-2026-45350 (same product: Openwebui Open Webui)
CVE-2026-45331 (same product: Openwebui Open Webui)
CVE-2026-45338 (same product: Openwebui Open Webui)
CVE-2026-45398 (same product: Openwebui Open Webui)
CVE-2026-45672 (same product: Openwebui Open Webui)
CVE-2026-44566 (same product: Openwebui Open Webui)
CVE-2026-44556 (same product: Openwebui Open Webui)

Affected Assets

Vendor: openwebui
Product: open webui
Versions: ≤ 0.8.11

Mitigating Controls (NIST 800-53 r5)

Prevent: AC-3 (Access Enforcement)
Enforces approved authorizations for logical access to information and system resources, directly mitigating the broken access control vulnerability in Open WebUI tool values that allows low-privileged attackers unauthorized access to sensitive data.

Prevent: SI-2 (Flaw Remediation)
Requires timely identification, reporting, and correction of system flaws like CVE-2026-34222, preventing exploitation through patching to version 0.8.11.

Prevent
Employs least privilege to restrict low-privileged users or processes to only necessary accesses, limiting the scope and impact of unauthorized data exposure from the broken access control.
