
CVE-2026-45672: Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false`



📋 Vulnerability Details

CVE ID: CVE-2026-45672
Vendor: pip
Affected Product: open-webui
Vulnerability Type: Vulnerability
CVSS Score: 8.8 (HIGH)
Actively Exploited: No known exploitation
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis


Summary

The /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLE_CODE_EXECUTION=false. The feature gate is not enforced on the API endpoint: the configuration says "disabled" but code still executes.

Details

The admin configuration correctly shows ENABLE_CODE_EXECUTION: false. However, the code execution endpoint does not check this flag before forwarding Python code to the Jupyter server. Any authenticated user can execute arbitrary code in the Jupyter container.

PoC

Verified against Open WebUI v0.8.11 (latest) Docker on 2026-03-25. Setup: Jupyter server connected, ENABLE_CODE_EXECUTION=false confirmed in admin config.

```bash
# Step 1: Verify code execution is disabled
curl -s
```
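The bug class described in the Details section is a configuration flag that the admin UI reads but the request handler never consults. The following is an added illustration, not Open WebUI's code: the endpoint path and the ENABLE_CODE_EXECUTION flag name come from the advisory, while the class and function names, the request shape and the stand-in Jupyter client are assumptions. It places the unchecked handler beside a hardened one that enforces the gate server-side before anything reaches Jupyter and writes an audit line for each denial, which is the event a SIEM rule would watch for.

```python
"""Hypothetical handlers showing the missing feature gate and its enforcement.

Not Open WebUI's implementation; only the endpoint path and the flag name are
taken from the advisory, everything else is assumed for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class AppConfig:
    # Mirrors the admin setting ENABLE_CODE_EXECUTION from the advisory.
    enable_code_execution: bool = False


@dataclass
class FakeJupyterClient:
    """Stand-in for the Jupyter forwarder; records what it would have executed."""
    executed: List[str] = field(default_factory=list)

    def run(self, code: str) -> Dict[str, str]:
        self.executed.append(code)
        return {"status": "ok", "output": f"<ran {len(code)} bytes>"}


@dataclass
class Request:
    path: str            # e.g. /api/v1/utils/code/execute (from the advisory)
    user_verified: bool  # result of the session/auth check (assumed)
    code: str


def execute_code_vulnerable(config: AppConfig, req: Request,
                            jupyter: FakeJupyterClient) -> Tuple[int, dict]:
    """Pattern the advisory describes: authentication is checked, the gate is not."""
    if not req.user_verified:
        return 401, {"detail": "authentication required"}
    # config.enable_code_execution is never read, so "disabled" has no effect here.
    return 200, jupyter.run(req.code)


def execute_code_fixed(config: AppConfig, req: Request,
                       jupyter: FakeJupyterClient, audit_log: List[str]) -> Tuple[int, dict]:
    """Gate enforced on the endpoint itself, before any code is forwarded."""
    if not req.user_verified:
        return 401, {"detail": "authentication required"}
    if not config.enable_code_execution:
        # Denials are logged so that attempts against a disabled feature are visible.
        audit_log.append(
            f"code_execute_denied path={req.path} reason=ENABLE_CODE_EXECUTION=false"
        )
        return 403, {"detail": "code execution is disabled by the administrator"}
    return 200, jupyter.run(req.code)


def compare_handlers(enable_flag: bool) -> Dict[str, int]:
    """Run the same verified-user request through both handlers and summarise."""
    config = AppConfig(enable_code_execution=enable_flag)
    req = Request("/api/v1/utils/code/execute", True, "print(1 + 1)")  # constructed input
    jup_vuln, jup_fixed, audit = FakeJupyterClient(), FakeJupyterClient(), []
    status_vuln, _ = execute_code_vulnerable(config, req, jup_vuln)
    status_fixed, _ = execute_code_fixed(config, req, jup_fixed, audit)
    return {
        "vulnerable_status": status_vuln,
        "vulnerable_executed": len(jup_vuln.executed),
        "fixed_status": status_fixed,
        "fixed_executed": len(jup_fixed.executed),
        "audit_entries": len(audit),
    }


if __name__ == "__main__":
    print("flag off:", compare_handlers(False))
    print("flag on: ", compare_handlers(True))
```

With the flag off, the unchecked handler still forwards the code (status 200, one execution recorded) while the fixed handler refuses with 403, forwards nothing and leaves one audit entry; with the flag on, both behave the same. The point for reviewers is that a feature gate must be evaluated in the request path, not only rendered in the admin settings.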
