CVE-2026-44551 Overview
CVE-2026-44551 is an authentication bypass vulnerability in Open WebUI, a self-hosted artificial intelligence platform. Versions prior to 0.9.0 fail to validate that the password submitted to the Lightweight Directory Access Protocol (LDAP) authentication endpoint is non-empty. The LdapForm Pydantic model accepts password: str without a minimum length constraint. An empty string passes validation and triggers a Simple Bind that succeeds on permissive LDAP servers. The application then issues a full session token for the target user. The flaw maps to [CWE-287] Improper Authentication and is fixed in version 0.9.0.
Critical Impact
Unauthenticated attackers can impersonate arbitrary LDAP users and obtain full session tokens by submitting an empty password.
Affected Products
- Open WebUI versions prior to 0.9.0
- Deployments using LDAP authentication as an identity source
- LDAP servers configured to permit unauthenticated or anonymous Simple Bind operations
Discovery Timeline
- 2026-05-15 - CVE-2026-44551 published to the National Vulnerability Database (NVD)
- 2026-05-18 - Last updated in the NVD
Technical Details for CVE-2026-44551
Vulnerability Analysis
The vulnerability resides in the LDAP authentication flow of Open WebUI. The LdapForm Pydantic model declares password: str without enforcing a minimum length. Empty strings therefore satisfy schema validation. The handler forwards these credentials to Connection.bind() against the configured LDAP server. On servers that interpret a Simple Bind with an empty password as an anonymous bind that returns success, the call returns without raising an exception. The Open WebUI handler treats this success as authenticated and issues a session token tied to the supplied username. The attacker controls the username field, which allows impersonation of any account known in the directory, including administrative users.
Root Cause
The root cause is missing input validation on a security-critical credential field combined with reliance on LDAP server behavior to reject empty-password binds. Most LDAP implementations, including OpenLDAP and Active Directory in default configurations, treat Simple Bind with a non-empty DN and empty password as an anonymous bind that returns success. The application interprets this protocol-level success as proof of authentication.
Attack Vector
The attack vector is network-based and requires no prior authentication or user interaction. An attacker sends an HTTP POST request to the Open WebUI LDAP login endpoint with a valid username and an empty password field. The server performs the bind, receives a success response from the LDAP server, and returns a session token for the chosen account. The attacker then uses this token to access the platform with the target user's privileges. The vulnerability mechanism is described in the GitHub Security Advisory GHSA-2r4p-jpmg-48f4.
Detection Methods for CVE-2026-44551
Indicators of Compromise
- HTTP POST requests to the Open WebUI LDAP authentication endpoint containing an empty password parameter
- LDAP server logs showing successful Simple Bind events with empty password values originating from the Open WebUI host
- Session tokens issued to privileged accounts without a corresponding interactive login or multi-factor challenge
- Unexpected authentications from the Open WebUI service account followed by privileged actions inside the platform
Detection Strategies
- Inspect application logs for authentication attempts where the credential length is zero before the bind call
- Correlate Open WebUI session creation events with directory bind events to identify mismatches between expected and observed authentication flow
- Alert on repeated LDAP authentication requests from external sources targeting multiple usernames in short succession
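The first and third detection strategies above, as an added example that is not part of this advisory or of Open WebUI: the log format, field names, endpoint path and threshold are constructed assumptions, so map them onto the fields your Open WebUI or reverse-proxy logs actually emit.

```python
# Added illustration (constructed log format, not Open WebUI's own).
from collections import defaultdict
from datetime import datetime, timedelta
import re

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) path=(?P<path>\S+) user=(?P<user>\S+) "
    r"pwlen=(?P<pwlen>\d+) status=(?P<status>\d+)$"
)
LDAP_LOGIN_PATH = "/api/v1/auths/ldap"   # assumed path of the LDAP login endpoint

def parse(lines):
    """Turn constructed auth log lines into dicts; non-matching lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.fromisoformat(d["ts"].replace("Z", "+00:00"))
        d["pwlen"], d["status"] = int(d["pwlen"]), int(d["status"])
        events.append(d)
    return events

def empty_password_logins(events):
    """Strategy 1: LDAP login attempts whose credential length was zero.
    A status of 200 here means a session was issued without a password."""
    return [e for e in events if e["path"] == LDAP_LOGIN_PATH and e["pwlen"] == 0]

def spray_sources(events, min_users=3, window=timedelta(minutes=5)):
    """Strategy 3: a source hitting >= min_users distinct usernames within window."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["path"] == LDAP_LOGIN_PATH:
            by_src[e["src"]].append(e)
    flagged = {}
    for src, evs in by_src.items():
        for i, start in enumerate(evs):   # slide the window over each start event
            users = {x["user"] for x in evs[i:] if x["ts"] - start["ts"] <= window}
            if len(users) >= min_users:
                flagged[src] = users
                break
    return flagged

SAMPLE_LOG = """\
2026-05-16T10:00:01Z src=203.0.113.7 path=/api/v1/auths/ldap user=admin pwlen=0 status=200
2026-05-16T10:00:03Z src=203.0.113.7 path=/api/v1/auths/ldap user=alice pwlen=0 status=200
2026-05-16T10:00:04Z src=203.0.113.7 path=/api/v1/auths/ldap user=bob pwlen=0 status=200
2026-05-16T10:02:30Z src=198.51.100.4 path=/api/v1/auths/ldap user=carol pwlen=12 status=200
2026-05-16T10:03:00Z src=198.51.100.4 path=/api/v1/chats user=carol pwlen=0 status=200
""".splitlines()   # constructed sample lines
```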
Monitoring Recommendations
- Forward Open WebUI access and authentication logs to a centralized logging or SIEM platform for correlation with directory server telemetry
- Enable verbose LDAP server logging for Simple Bind operations and review anonymous bind activity
- Monitor for the creation of administrative sessions in Open WebUI and validate them against expected operator activity
How to Mitigate CVE-2026-44551
Immediate Actions Required
- Upgrade Open WebUI to version 0.9.0 or later, which adds validation rejecting empty passwords before performing the LDAP bind
- Audit Open WebUI session and user activity logs for unauthorized administrative actions since LDAP authentication was enabled
- Rotate session secrets and force re-authentication for all users after applying the patch
Patch Information
The vendor fixed CVE-2026-44551 in Open WebUI 0.9.0. The patch enforces a non-empty password constraint at the Pydantic model layer and rejects empty credentials before invoking Connection.bind(). See the Open WebUI GitHub Security Advisory for vendor guidance and release notes.
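The flow described in the Vulnerability Analysis section and the fix described in this paragraph, as an added example that is not Open WebUI's code: plain functions stand in for the Pydantic model (the real patch is a constraint on the model field), an in-memory class stands in for the LDAP server, and the DN layout and session-token format are assumptions.

```python
# Added illustration, not Open WebUI's implementation.
from dataclasses import dataclass
import secrets

@dataclass
class FakeLdapServer:
    """Constructed stand-in for an LDAP server holding one password per DN."""
    passwords: dict
    allow_unauthenticated_bind: bool = True   # the "permissive" server setting

    def simple_bind(self, dn: str, password: str) -> bool:
        # RFC 4513 Simple Bind forms: anonymous (DN and password empty),
        # unauthenticated (DN set, password empty), authenticated (both set).
        if dn == "" and password == "":
            return True                              # anonymous bind
        if password == "":
            return self.allow_unauthenticated_bind   # no credential is checked
        return self.passwords.get(dn) == password    # real password check

class InvalidForm(ValueError):
    pass

def validate_vulnerable(username: str, password: str) -> None:
    """Pre-0.9.0 shape: `password: str` with no length constraint, so '' passes."""
    if not isinstance(username, str) or not isinstance(password, str):
        raise InvalidForm("wrong type")

def validate_fixed(username: str, password: str) -> None:
    """0.9.0 shape: a non-empty constraint is enforced before any bind."""
    validate_vulnerable(username, password)
    if len(password) < 1:
        raise InvalidForm("password must not be empty")

def ldap_login(server, username, password, validate):
    """Returns a session token on success, None when the request is rejected."""
    try:
        validate(username, password)
    except InvalidForm:
        return None
    dn = f"uid={username},ou=people,dc=example,dc=com"   # assumed DN layout
    if not server.simple_bind(dn, password):
        return None
    return secrets.token_hex(16)   # session bound to the submitted username
```

The patched validator stops the empty credential before the bind, so the outcome no longer depends on how the directory treats unauthenticated binds.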
Workarounds
- Configure the upstream LDAP server to reject Simple Bind operations that contain an empty password, disabling anonymous bind where feasible
- Place Open WebUI behind a reverse proxy that rejects authentication requests with empty password fields until the upgrade is applied
- Temporarily disable LDAP authentication and use an alternative identity provider until version 0.9.0 is deployed
# Example OpenLDAP configuration to disallow anonymous and empty-password binds
# slapd.conf syntax; in cn=config the equivalents are the olcDisallows and
# olcRequires attributes on the cn=config entry
# Reject anonymous binds (empty DN and empty password)
disallow bind_anon
# Require a successful bind before any other directory operation
require bind
# Do not set "allow bind_anon_dn": that option would accept a bind with a
# non-empty DN and an empty password, which is the case this CVE relies on
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.