CVE-2026-45675: Open WebUI Vulnerable to Admin Role Race Condition
The National Vulnerability Database (NVD) has detailed CVE-2026-45675, a high-severity vulnerability (CVSS 8.1) affecting Open WebUI, a self-hosted AI platform. This flaw, present in versions prior to 0.9.0, stems from a Time-of-Check-Time-of-Use (TOCTOU) race condition during LDAP and OAuth authentication flows. This specific race condition allows for the improper assignment of an administrator role to the first user.
While the regular signup handler was patched to prevent this TOCTOU race, the LDAP and OAuth code paths were never updated with the same fix. This oversight leaves a window in which an attacker who wins the timing race can obtain administrative privileges at initial user creation via these authentication methods. The vulnerability is categorized under CWE-269 (Improper Privilege Management) and CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization).
This isn’t just a theoretical bug; it’s a fundamental logic flaw. An attacker doesn’t need complex exploits; they just need to win a race condition during the initial setup or user creation via LDAP/OAuth. This can grant them full control over the AI platform, including data access, model manipulation, and potentially broader network access if the platform is integrated with other systems.
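The check-then-act pattern behind this bug class, as an added illustration that is not Open WebUI's code: a constructed in-memory user store with a "first user becomes admin" rule, shown in the vulnerable form (count, then insert as two separate steps) and in a hardened form where check and insert share one critical section that every auth path must call. The `pause` hook and the barrier are demo constructs that exist only to force the losing interleaving deterministically.

```python
import threading
from dataclasses import dataclass, field

# Constructed in-memory user store standing in for the real database.
@dataclass
class UserStore:
    users: list = field(default_factory=list)
    lock: threading.Lock = field(default_factory=threading.Lock)

    def count(self):
        return len(self.users)
    def insert(self, email, role):
        self.users.append({"email": email, "role": role})

def vulnerable_first_user_role(store, email, pause=None):
    """Check (count) and use (insert) are separate steps; `pause` is a demo
    hook that lets two callers pass the check before either inserts."""
    role = "admin" if store.count() == 0 else "user"  # time of check
    if pause:
        pause()                                        # other login lands here
    store.insert(email, role)                          # time of use
    return role

def hardened_first_user_role(store, email):
    """Check and insert share one critical section, so only the first caller
    can observe an empty store. Every auth path (signup, LDAP, OAuth) must
    call this one function rather than keep its own copy of the logic."""
    with store.lock:
        role = "admin" if store.count() == 0 else "user"
        store.insert(email, role)
    return role

def run_concurrent(fn, store, n, **kw):
    """Run n concurrent logins; return how many of them ended up as admin."""
    threads = [threading.Thread(target=fn, args=(store, f"u{i}@example.test"),
                                kwargs=kw) for i in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(1 for u in store.users if u["role"] == "admin")

def demo():
    # Vulnerable path: a barrier forces both logins past the check first.
    barrier = threading.Barrier(2)
    vuln_admins = run_concurrent(vulnerable_first_user_role, UserStore(), 2,
                                 pause=barrier.wait)
    # Hardened path: eight concurrent first logins, exactly one admin.
    safe_admins = run_concurrent(hardened_first_user_role, UserStore(), 8)
    return vuln_admins, safe_admins  # returns (2, 1)
```

In a real deployment the lock is a database transaction or a unique constraint on the admin role, but the structural point is the same: the role decision and the insert must be one atomic step, shared by every login path.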
What This Means For You
- If your organization uses Open WebUI, especially with LDAP or OAuth for authentication, you need to immediately patch to version 0.9.0 or later. This TOCTOU vulnerability allows for unauthorized administrative access, which is a critical compromise for any self-hosted AI platform. Verify all existing user roles and audit logs for any suspicious admin role assignments, particularly for early user creations.
🛡️ Detection Rules
2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.
CVE-2026-45675: Open WebUI LDAP/OAuth Admin Race Condition
```yaml
# Title is quoted: a plain YAML scalar cannot contain ': ' unquoted.
title: 'CVE-2026-45675: Open WebUI LDAP/OAuth Admin Race Condition'
id: scw-2026-05-15-ai-1
status: experimental
level: high
description: |
    Detects the specific LDAP/OAuth login endpoint used in Open WebUI versions prior to 0.9.0 that are vulnerable to a TOCTOU race condition for first-user admin role assignment. This rule looks for POST requests to '/login' that contain a 'redirect_uri' query parameter, indicative of the vulnerable authentication flow.
author: SCW Feed Engine (AI-generated)
date: 2026-05-15
references:
    - https://shimiscyberworld.com/posts/nvd-CVE-2026-45675/
tags:
    - attack.initial_access
    - attack.t1190
logsource:
    # cs-* fields are W3C/IIS-style web-server log fields, so the generic
    # Sigma category is 'webserver' ('authentication' is not a standard one).
    category: webserver
detection:
    selection:
        cs-uri|contains:
            - '/login'
        # Exact match is Sigma's default; there is no '|exact' modifier.
        cs-method:
            - 'POST'
        cs-uri-query|contains:
            - 'redirect_uri'
    condition: selection
falsepositives:
    - Legitimate administrative activity
```
Source: Shimi's Cyber World
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-45675 | Race Condition | Open WebUI versions prior to 0.9.0 |
| CVE-2026-45675 | Privilege Escalation | Open WebUI LDAP authentication flow TOCTOU vulnerability |
| CVE-2026-45675 | Privilege Escalation | Open WebUI OAuth authentication flow TOCTOU vulnerability |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 15, 2026 at 23:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.