CVE-2026-45672

HIGH

Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-45672. PoCs published by CryptReaper12.

AI-analyzed exploit summary: The repository claims to exploit CVE-2026-45672 in Open WebUI via arbitrary Python code execution but lacks actual exploit code, instead redirecting users to an external tinyurl link. The README is vague and focuses on generic features like proxy support.

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLE_CODE_EXECUTION=false. The feature gate is not enforced on the API endpoint — the configuration says "disabled" but code still executes. This vulnerability is fixed in 0.8.12.

Exploits (1)

github SUSPICIOUS
by CryptReaper12 · poc
https://github.com/CryptReaper12/CVE-2026-45672

Classification: Suspicious 90%
Attack Type: RCE
Complexity: Theoretical
Reliability: Theoretical
Target: Open WebUI (versions prior to 0.8.12)
Auth required
Prerequisites: verified user access · target URL · file path for inclusion
devstral-2 · analyzed May 17, 2026

Scores

CVSS v3 8.8
EPSS 0.0008
EPSS Percentile 23.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-863
Status published
Products (3)
open-webui/open-webui < 0.8.12
openwebui/open_webui < 0.8.12
pypi/open-webui 0 - 0.8.12 (PyPI)
Published May 15, 2026
Tracked Since May 16, 2026