CVE-2024-7036: Denial of Service in open-webui/open-webui
First published: Thu Mar 20 2025(Updated: )
A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel to become unresponsive. This prevents administrators from performing essential user management actions such as deleting, editing, or adding users. The vulnerability can also be exploited by authenticated users with low privileges, leading to the same unresponsive state in the Admin panel.
Credit: security@huntr.dev
| Affected Software | Affected Version | How to fix |
|---|---|---|
| open-webui |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-7036?
CVE-2024-7036 is considered a medium severity vulnerability affecting open-webui.
How do I fix CVE-2024-7036?
To fix CVE-2024-7036, validate and restrict the input length for the 'name' field to prevent excessively large text submissions.
Who is affected by CVE-2024-7036?
Any installation of open-webui version 0.3.8 is affected by CVE-2024-7036.
What impact does CVE-2024-7036 have on administrative tasks?
CVE-2024-7036 can make the Admin panel unresponsive, hindering essential user management actions.
Is CVE-2024-7036 an authenticated vulnerability?
No, CVE-2024-7036 allows unauthenticated attackers to exploit the vulnerability.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/severity
- agent/source
- agent/tags
- agent/event
- vendor/open-webui
- canonical/open-webui