Improper access control in Open WebUI - #VU130164
Published: May 5, 2026
Open WebUI
Detailed vulnerability description
The vulnerability allows a remote user to poison shared cache data across instances and disclose sensitive information.
The vulnerability exists due to improper access control in the tool server and terminal server Redis cache in backend/open_webui/utils/tools.py when multiple instances share a Redis backend. A remote privileged user can write attacker-controlled tool server or terminal server entries to unprefixed Redis keys to poison shared cache data across instances and disclose sensitive information.
Exploitation requires multiple Open WebUI instances to share a single Redis backend.