HomeCVE Intelligence › CVE-2026-44565
CVSS 8.1 HIGH Vulnerability

CVE-2026-44565: Open WebUI Arbitrary File Write, Delete via Path Traversal

CONFIDENTIAL Vulnerability Disclosure Analysis Documentation ----------------------------------------------Vulnerability Details --------------------1. Discoverer: Taylor Pennington of KoreLogic, Inc. 2. Date Submitted:…

8.1CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-44565
Vendorpip
Affected Productopen-webui
Vulnerability TypeVulnerability
CVSS Score8.1 (HIGH)
Actively Exploited❌ No known exploitation
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

CONFIDENTIAL Vulnerability Disclosure Analysis Documentation ----------------------------------------------- Vulnerability Details --------------------- 1. Discoverer: Taylor Pennington of KoreLogic, Inc. 2. Date Submitted: June 11, 2024 3. Title: Open WebUI Arbitrary File Write, Delete via Path Traversal 4. High-level Summary: Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability. After the file is written, it is deleted. 5. Affected Vendor: Open WebUI 6. Affected Product(s): Open WebUI (Formerly Ollama WebUI) 7. Affected Version(s): 0.1.105 8. Platform/OS: Debian GNU/Linux 12 (bookworm) 9. Vector: HTTP web interface 10. CWE: 22 Improper Limitation of a Pathname to a Restricted Directory ('Path Trave

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-44565 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence