Denial of Service Vulnerability in Open-WebUI by Open-WebUI
CVE-2024-7036

7.5HIGH

Key Information:

Vendor: Open-webui
Status: Open-webui/open-webui
Vendor: CVE Published:; 20 March 2025

Summary

A vulnerability in Open-WebUI version 0.3.8 allows unauthenticated attackers to exploit the 'name' field by entering excessively large text. This attack leads to an unresponsive Admin panel, hindering administrators from performing crucial user management tasks such as adding, editing, or deleting user accounts. Additionally, authenticated users with low privileges can also trigger this vulnerability, affecting overall administrative functions within the application.

Affected Version(s)

open-webui/open-webui <= unspecified

References

https://huntr.com/bounties/ba62d093-ab27-48fa-9c53-0602c8...

CVSS V3.0

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Jul 23, 2024