CVE-2026-44551
Published: 15 May 2026
Summary
CVE-2026-44551 is a critical-severity Improper Authentication (CWE-287) vulnerability in Openwebui Open Webui. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 29.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.9.0, its LDAP authentication endpoint fails to enforce a non-empty password requirement before issuing a Simple Bind request to the LDAP server. The LdapForm Pydantic model accepts a password field of type str without any minimum-length constraint, allowing an empty string to pass validation; when the downstream Connection.bind() call succeeds against permissive LDAP servers, the application then returns a full session token for the targeted account. The issue is tracked as CVE-2026-44551 with a CVSS 3.1 score of 9.1 and is assigned CWE-287.
An unauthenticated remote attacker can supply an empty password for any valid username at the LDAP login endpoint and obtain a valid session token, resulting in full account impersonation with high impact on confidentiality and integrity. No user interaction or prior credentials are required, and the attack succeeds against any LDAP server that treats an empty password as a successful bind.
The vulnerability is addressed in the 0.9.0 release, as documented in the project’s GitHub Security Advisory GHSA-2r4p-jpmg-48f4. The EPSS score remains flat at 0.0264 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-30604
Vulnerability details
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accepts password: str with no minimum length constraint, so an empty string passes validation. The subsequent Connection.bind() call succeeds on vulnerable LDAP servers, and the application issues a full session token for the target user. This vulnerability is fixed in 0.9.0.
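The failure described above, modelled as an added example (not Open WebUI's code): the LDAP server is simulated and treats a bind with a DN and an empty password as the RFC 4513 "unauthenticated" mechanism, so the bind reports success; LdapForm mirrors the unconstrained model, and HardenedLdapForm (a hypothetical name) applies the equivalent of a min_length=1 constraint so an empty password never reaches the bind.

```python
from dataclasses import dataclass
from typing import Optional
import secrets

# Constructed directory for the simulated server: user DN -> real password.
DIRECTORY = {"uid=alice,dc=example,dc=org": "correct-horse"}


def permissive_simple_bind(dn: str, password: str) -> bool:
    """Simulated permissive LDAP server. A Simple Bind that carries a DN but
    an empty password is the RFC 4513 'unauthenticated' mechanism; a server
    that still allows it reports success, which is the condition the CVE needs."""
    if dn not in DIRECTORY:
        return False
    if password == "":
        return True  # unauthenticated bind accepted by this server
    return secrets.compare_digest(DIRECTORY[dn], password)


@dataclass
class LdapForm:
    """Mirrors the vulnerable form: password is a plain str, no minimum length."""
    user: str
    password: str


@dataclass
class HardenedLdapForm(LdapForm):
    """Hypothetical hardened form: equivalent of a min_length=1 constraint,
    so validation fails before any bind is attempted."""
    def __post_init__(self) -> None:
        if not self.password:
            raise ValueError("password must be non-empty")


def login(form: LdapForm) -> Optional[str]:
    """Bind with the submitted credentials and issue a session token on success.
    Called with a plain LdapForm this reproduces the pre-0.9.0 behaviour."""
    dn = f"uid={form.user},dc=example,dc=org"
    if permissive_simple_bind(dn, form.password):
        return secrets.token_hex(16)
    return None


def hardened_login(user: str, password: str) -> Optional[str]:
    """Fixed path: a validation failure yields no token and no bind is sent."""
    try:
        form = HardenedLdapForm(user, password)
    except ValueError:
        return None
    return login(form)
```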
- CWE(s): CWE-287 (Improper Authentication)
AI Security Analysis
- AI Category: LLM Application Platforms
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: artificial intelligence, open webui
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1190 Exploit Public-Facing Application
Why these techniques?
A direct authentication bypass in the LDAP endpoint of a public-facing web application lets the application itself be exploited for unauthorized access.
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): directly requires the system to enforce approved authentication policies before granting access, blocking the empty-password Simple Bind that bypasses LDAP credential checks.
- SI-10 (Information Input Validation): mandates validation of all inputs against security rules, which would have rejected the unconstrained empty password field accepted by the LdapForm Pydantic model.
- Identification and authentication: requires reliable identification and authentication mechanisms for users, exposing the missing non-empty password check that allowed unauthenticated session-token issuance.