Skip to main content

LDAP & OAuth First-User Race Condition Allows Unauthorized Admin Privilege Escalation in Open WebUI

Page 1

THREAT ADVISORY

CVE-2026-45675 LDAP and OAuth First-User Race Condition Allows Unauthorized Admin Privilege Escalation in Open WebUI

Publication Date: May 14, 2026 Author: Sanaan Fayaz Wani Editor: Waratchaya (June) Luangphairin Severity: HIGH (CVSS 8.1) Status: Fixed in Open WebUI 0.9.0

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: and more. Sign up and create your flipbook.
LDAP & OAuth First-User Race Condition Allows Unauthorized Admin Privilege Escalation in Open WebUI by Cyber Florida: The Florida Center for Cybersecurity - Issuu