CVE-2026-0767 – Open WebUI transmits credentials in plaintext, ... (How to Fix)

Q: What is the severity of CVE-2026-0767?

CVE-2026-0767 has a CVSS score of 6.5 (MEDIUM). Open WebUI transmits credentials in plaintext, allowing network-adjacent attackers to intercept authentication data without authentication. This affects all Open WebUI installations using the vulnerable endpoint. Attackers can capture credentials and potentially gain unauthorized access.

📋 TL;DR

Open WebUI transmits credentials in plaintext, allowing network-adjacent attackers to intercept authentication data without authentication. This affects all Open WebUI installations using the vulnerable endpoint. Attackers can capture credentials and potentially gain unauthorized access.

💻 Affected Systems

Products:

Open WebUI

Versions: Versions prior to the fix

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Affects installations where credentials are transmitted to the vulnerable endpoint. Network adjacency required for exploitation.

📦 What is this software?

Open Webui by Openwebui

View all CVEs affecting Open Webui →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers capture administrative credentials, gain full system control, and pivot to other systems in the network.

🟠

Likely Case

Attackers capture user credentials, access sensitive data, and perform unauthorized actions within the application.

🟢

If Mitigated

Credential exposure limited to internal network segments with proper segmentation and monitoring.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires network sniffing capabilities but no authentication. Simple packet capture tools can intercept credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific version

Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-26-033/

Restart Required: Yes

Instructions:

1. Check current Open WebUI version. 2. Update to patched version per vendor instructions. 3. Restart Open WebUI service. 4. Verify encryption is enabled for credential transmission.

🔧 Temporary Workarounds

Enable TLS/SSL encryption

all

Configure Open WebUI to use HTTPS/TLS for all communications

Configure SSL/TLS in Open WebUI configuration file

Network segmentation

all

Isolate Open WebUI to trusted network segments only

Configure firewall rules to restrict access to Open WebUI

🧯 If You Can't Patch

Implement network-level encryption (VPN, IPSec) for all Open WebUI traffic
Deploy network monitoring and IDS/IPS to detect credential sniffing attempts

🔍 How to Verify

Check if Vulnerable:

Use network analyzer to check if credentials are transmitted in plaintext to Open WebUI endpoints

Check Version:

Check Open WebUI version in web interface or configuration

Verify Fix Applied:

Verify credentials are encrypted (HTTPS/TLS) in network traffic after patch

📡 Detection & Monitoring

Log Indicators:

Multiple failed authentication attempts from new IPs
Unusual access patterns to credential endpoints

Network Indicators:

Unencrypted HTTP traffic to authentication endpoints
ARP spoofing or network sniffing activity

SIEM Query:

source="openwebui" AND (event="authentication" OR event="credential") AND protocol="HTTP"

📊 Metadata

CVE ID: CVE-2026-0767

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-319

EPSS Score: 0.02% exploit probability (3.4th percentile)

Published: January 23, 2026

Last Updated: January 30, 2026

🔗 References

https://www.zerodayinitiative.com/advisories/ZDI-26-033/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-0767, you might also want to check these: