
Open WebUI CVE-2026-45667 | EUVD-2026-30665 | MEDIUM 6.5 (CVSS 3.1)
Missing Authorization (CWE-862)
Published 2026-05-14 | https://github.com/open-webui/open-webui | GHSA-m69w-p7m4-585j

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: Low

Lifecycle Timeline

Source Code Evidence Fetched: May 14, 2026 22:15 (vuln.today)
Analysis Generated: May 14, 2026 22:15 (vuln.today)
CVE Published: May 14, 2026 20:28 (nvd)

Description (NVD)

Summary

GET /api/v1/memories/ef is accessible without authentication and executes request.app.state.EMBEDDING_FUNCTION(...). Any unauthenticated caller can therefore trigger embedding generation, which exposes the operator to direct cost if a paid provider is configured. Code reference: backend/open_webui/routers/memories.py, where the @router.get("/ef") handler calls request.app.state.EMBEDDING_FUNCTION("hello world").

Details

GET /api/v1/memories/ef is reachable without authentication and triggers request.app.state.EMBEDDING_FUNCTION("hello world"). This crosses an intended security boundary: unauthenticated users can invoke potentially expensive embedding computation and, where one is configured, a paid upstream embedding API.

PoC

  1. Start Open WebUI in the default configuration (no special env hardening; ENABLE_MEMORIES defaults to true).
  2. From an unauthenticated client (no cookies, no Authorization header), call:

curl -i http://<host>:<port>/api/v1/memories/ef

  3. Observe that the server performs embedding generation and returns HTTP 200 with a JSON body containing the result.

How it can be abused / attacker actions:

  • Send repeated requests to /api/v1/memories/ef to:
    - consume CPU/GPU resources (DoS)
    - generate sustained outbound usage to the embedding provider, if one is configured (cost and rate-limit exhaustion)
    - degrade latency and availability for legitimate users
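The abuse pattern above is a burst of unauthenticated GET requests to a single path, which is easy to pick out of a reverse-proxy access log. The following Python is an added example written for this page, not code from Open WebUI or vuln.today. It does two things a defender wants after reading the advisory: it checks whether a version tag is at or past the v0.8.0 release in which the route was removed, and it scans Combined-Log-format access-log lines for sources that hit /api/v1/memories/ef with 2xx responses at a rate that matches the repeated-request abuse. The sample log lines are constructed, and the 60-second window and 20-request threshold are assumed tuning values.

```python
"""Added example for this advisory page, not code from Open WebUI or vuln.today.

Two checks a defender wants after reading the advisory:
  * is_fixed_version(tag): is the deployed Open WebUI at or above v0.8.0,
    the release in which the /api/v1/memories/ef route was removed?
  * find_ef_bursts(lines): scan reverse-proxy access-log lines for sources
    that hit the endpoint successfully at a rate that looks like the
    repeated-request abuse described in the advisory.

Assumptions: Combined-Log-format lines (nginx/Apache style) from a proxy in
front of Open WebUI; the 60 s window and 20-hit threshold are tuning values
chosen for the example; every sample log line is constructed, not captured.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

EF_PATH = "/api/v1/memories/ef"   # endpoint named in the advisory
FIXED_VERSION = (0, 8, 0)         # route removed in v0.8.0 (commit e5035ea31)

# ip ident user [timestamp] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_version(tag: str) -> tuple:
    """'v0.7.2' -> (0, 7, 2). Accepts a leading 'v' and drops any '-suffix'."""
    core = tag.strip().lstrip("v").split("-")[0]
    return tuple(int(part) for part in core.split("."))


def is_fixed_version(tag: str) -> bool:
    """True when the tag is v0.8.0 or later, i.e. the route no longer exists."""
    return parse_version(tag) >= FIXED_VERSION


def find_ef_bursts(lines, window_seconds=60, threshold=20):
    """Map source IP -> total successful hits for every source that made at
    least `threshold` GETs to EF_PATH with a 2xx status inside any rolling
    window of `window_seconds`. Non-2xx responses (e.g. the 404 a fixed
    instance returns) and other paths are ignored."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        if m["method"] != "GET" or m["path"].split("?", 1)[0] != EF_PATH:
            continue
        if not m["status"].startswith("2"):
            continue
        hits[m["ip"]].append(datetime.strptime(m["ts"], TS_FMT))

    window = timedelta(seconds=window_seconds)
    flagged = {}
    for ip, times in hits.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted hits
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged


def build_sample_log():
    """Constructed sample: one abuser, one light user, one fixed instance
    answering 404, and one hit on an unrelated path."""
    base = datetime(2026, 5, 14, 20, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset_s, path=EF_PATH, status=200):
        ts = (base + timedelta(seconds=offset_s)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 512 "-" "curl/8.5.0"'

    lines = [line("203.0.113.7", 2 * i) for i in range(25)]        # 25 hits in 48 s
    lines += [line("198.51.100.4", 300 * i) for i in range(3)]     # 3 hits, 5 min apart
    lines += [line("192.0.2.9", 1, status=404)]                    # fixed instance
    lines += [line("192.0.2.9", 2, path="/api/v1/memories/")]     # different route
    return lines


if __name__ == "__main__":
    for tag in ("v0.7.2", "v0.8.0"):
        print(tag, "fixed" if is_fixed_version(tag) else "affected")
    print(find_ef_bursts(build_sample_log()))
```

Only 2xx responses are counted because a fixed instance answers the path with an error; tune the window and threshold to the legitimate request rate of the deployment, which for this diagnostic endpoint should be zero.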

Impact

If embeddings are configured to use a paid or remote provider (OpenAI, Azure, etc.), an attacker can generate an unbounded number of requests and incur charges for the operator.

Resolution

Fixed in commit e5035ea31, first released in v0.8.0 (Feb 2026). The /api/v1/memories/ef route was removed entirely. It was a diagnostic/debug-style endpoint that hard-coded "hello world" through the embedding function without any authentication dependency; no legitimate caller depended on it, so deletion was a cleaner fix than retrofitting auth. Users on >= 0.8.0 are not affected.

Analysis (AI)

Unauthenticated attackers can invoke the GET /api/v1/memories/ef endpoint in Open WebUI versions ≤ 0.7.2 to trigger embedding generation, enabling cost-based attacks against paid embedding providers (OpenAI, Azure) and denial of service via resource exhaustion. The endpoint executes request.app.state.EMBEDDING_FUNCTION() without any authentication check, allowing unlimited free API calls to downstream embedding services. …



CVE-2026-45667 vulnerability details – vuln.today
