Vulnerabilities

CVE-2026-0767 - Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerabi...

2026-01-23 0 views admin

CVE ID : CVE-2026-0767 Published : Jan. 23, 2026, 3:28 a.m. | 47 minutes ago Description : Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of credentials provided to the endpoint. The issue results from transmitting sensitive information in plaintext. An attacker can leverage this vulnerability to disclose transmitted credentials, leading to further compromise. Was ZDI-CAN-28259. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-0767

Severity

MEDIUM

Published

Jan. 23, 2026

Attack Vector: network

Impact: Information Disclosure

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-0767medium

CVE-2026-0767 - Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerabi...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-27629 - InvenTree Vulnerable to Server Side Template Injection (SSTI)

CVE-2026-27628 - pypdf has a possible infinite loop when loading circular /Prev entries in cross-...

CVE-2026-27626 - OliveTin vulnerable to OS Command Injection via `password` argument type and web...

CVE-2026-27621 - TypiCMS Core has Stored Cross-Site Scripting (XSS) via SVG File Upload

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting