Close Menu
geekfence.comgeekfence.com
    What's Hot

    I Use One UI 9 Daily – This Hidden Feature is a Game-changer

    July 6, 2026

    The Science Behind Why Soccer Players at the 2026 World Cup Are Cutting Their Socks

    July 6, 2026

    Expanding our Heat Resilience data to 50+ global cities

    July 6, 2026
    Facebook X (Twitter) Instagram
    • About Us
    • Contact Us
    Facebook Instagram
    geekfence.comgeekfence.com
    • Home
    • UK Tech News
    • AI
    • Big Data
    • Cyber Security
      • Cloud Computing
      • iOS Development
    • IoT
    • Mobile
    • Software
      • Software Development
      • Software Engineering
    • Technology
      • Green Technology
      • Nanotechnology
    • Telecom
    geekfence.comgeekfence.com
    Home»Cloud Computing»Open WebUI bug turns the ‘free model’ into an enterprise backdoor
    Cloud Computing

    Open WebUI bug turns the ‘free model’ into an enterprise backdoor

    AdminBy AdminJanuary 6, 2026No Comments2 Mins Read5 Views
    Facebook Twitter Pinterest LinkedIn Telegram Tumblr Email
    Open WebUI bug turns the ‘free model’ into an enterprise backdoor
    Share
    Facebook Twitter LinkedIn Pinterest Email



    “Open WebUI stores the JWT token in localStorage,” Cato researchers said in a blog post. “Any script running on the page can access it. Tokens are long-lived by default, lack HttpOnly, and are cross-tab. When combined with the execute event, this creates a window for account takeover.”

    The attack requires the victim to enable Direct Connections (disabled by default) and add the attacker’s malicious model URL, according to an NVD description.

    Escalating to Remote Code Execution

    The risk doesn’t stop at account takeover. If the compromised account has workspace.tools permissions, attackers can leverage that session token to push authenticated Python code through Open WebUI’s Tools API, which executes without sandboxing or validation.

    This turns a browser-level compromise into full remote code execution on the backend server. Once an attacker gets Python execution, they can install persistence mechanisms, pivot into internal networks, access sensitive data stores, or run lateral attacks.

    The flaw received a high severity rating at 8/10 base score by NVD, and a 7.3/10 base score by GitHub. The flaw was rated high rather than critical, reflecting the fact that exploitation requires the Direct Connections feature to be enabled and hinges on a user first being lured into connecting to a malicious external model server. Patch mitigation in Open WebUI v0.6.35 involves blocking “execute” SSE events from Direct Connections entirely, but any organization still on older builds remains exposed. Additionally, the researchers advised moving authentication to short-lived and HttpOnly cookies with rotation. “Pair with a strict CSP and ban dynamic code evaluation”, they added.



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    Unlocking Efficiency: Alcoa transforms mining operations at Amazon Port with URWB

    July 6, 2026

    A return to two-pizza culture

    July 5, 2026

    Upgrade Amazon EKS clusters with confidence using Kubernetes version rollbacks

    July 3, 2026

    Microsoft Flags MCP Tool Descriptions as Hidden AI Agent Attack Path

    July 2, 2026

    Nokia moves SAP ERP to Azure in cloud migration deal

    July 1, 2026

    Microsoft MCP server gives AI assistants access to MSBuild logs

    June 30, 2026
    Top Posts

    Understanding U-Net Architecture in Deep Learning

    November 25, 202559 Views

    Hard-braking events as indicators of road segment crash risk

    January 14, 202631 Views

    Redefining AI efficiency with extreme compression

    March 25, 202628 Views
    Don't Miss

    I Use One UI 9 Daily – This Hidden Feature is a Game-changer

    July 6, 2026

    What’s the actual point of One UI 9? Before I installed the beta of Samsung’s…

    The Science Behind Why Soccer Players at the 2026 World Cup Are Cutting Their Socks

    July 6, 2026

    Expanding our Heat Resilience data to 50+ global cities

    July 6, 2026

    Fable 5 Returns, Sonnet 5 Gets Cheaper, But European Banks Still Can’t Deploy Either on Azure |

    July 6, 2026
    Stay In Touch
    • Facebook
    • Instagram
    About Us

    At GeekFence, we are a team of tech-enthusiasts, industry watchers and content creators who believe that technology isn’t just about gadgets—it’s about how innovation transforms our lives, work and society. We’ve come together to build a place where readers, thinkers and industry insiders can converge to explore what’s next in tech.

    Our Picks

    I Use One UI 9 Daily – This Hidden Feature is a Game-changer

    July 6, 2026

    The Science Behind Why Soccer Players at the 2026 World Cup Are Cutting Their Socks

    July 6, 2026

    Subscribe to Updates

    Please enable JavaScript in your browser to complete this form.
    Loading
    • About Us
    • Contact Us
    • Disclaimer
    • Privacy Policy
    • Terms and Conditions
    © 2026 Geekfence.All Rigt Reserved.

    Type above and press Enter to search. Press Esc to cancel.