CVE-2026-0765
📋 TL;DR
This vulnerability allows authenticated remote attackers to execute arbitrary system commands on Open WebUI installations. Attackers can inject malicious commands through the install_frontmatter_requirements function, leading to remote code execution as the service account. Only authenticated users can exploit this vulnerability.
💻 Affected Systems
- Open WebUI
📦 What is this software?
Open WebUI by Open WebUI
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining service account privileges, allowing lateral movement, data exfiltration, and persistent backdoor installation.
Likely Case
Attacker executes commands to steal sensitive data, modify configurations, or deploy cryptocurrency miners on vulnerable systems.
If Mitigated
With proper network segmentation and least privilege, impact limited to isolated container or service account scope.
🎯 Exploit Status
Exploitation requires valid credentials but command injection is straightforward once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific version
Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-26-031/
Restart Required: Yes
Instructions:
1. Check the Open WebUI vendor advisory for the patched version.
2. Update Open WebUI to the latest patched version.
3. Restart the Open WebUI service.
4. Verify the fix is applied.
🔧 Temporary Workarounds
Disable vulnerable function
(All platforms) Temporarily disable or restrict access to the install_frontmatter_requirements function
# Modify Open WebUI configuration to disable vulnerable endpoint
Network segmentation
(Linux) Restrict network access to Open WebUI to trusted IPs only
# Example firewall rule: iptables -A INPUT -p tcp --dport [OPENWEBUI_PORT] -s [TRUSTED_IP] -j ACCEPT
# iptables -A INPUT -p tcp --dport [OPENWEBUI_PORT] -j DROP
🧯 If You Can't Patch
- Implement strict authentication controls and monitor for suspicious login attempts
- Run Open WebUI with minimal privileges using non-root service accounts
🔍 How to Verify
Check if Vulnerable:
Check the installed Open WebUI version against the vendor advisory. If the version is vulnerable and authenticated users can reach the service, the system is vulnerable.
Check Version:
# Check Open WebUI version in web interface or configuration files
Verify Fix Applied:
Verify that the Open WebUI version has been updated to the patched version and test that command injection attempts are properly sanitized.
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution patterns in system logs
- Multiple failed authentication attempts followed by successful login
- Suspicious process execution from Open WebUI service account
Network Indicators:
- Unusual outbound connections from Open WebUI server
- Command and control traffic patterns
SIEM Query:
source="openwebui" AND (event="command_execution" OR event="system_call")