Vulnerability-Lookup

CVE-2026-45675 (GCVE-0-2026-45675)

Vulnerability from cvelistv5 – Published: 2026-05-15 19:12 – Updated: 2026-05-19 13:06

Title

Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts

Summary

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler (signup_handler in auths.py, line 663) was explicitly patched to prevent this race with the comment "Insert with default role first to avoid TOCTOU race", but the LDAP and OAuth code paths were never updated with the same fix. This vulnerability is fixed in 0.9.0.

Severity

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-269 - Improper Privilege Management
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/open-webui/open-webui/security…	x_refsource_CONFIRM
https://github.com/open-webui/open-webui/pull/23626	x_refsource_MISC
https://github.com/open-webui/open-webui/commit/9…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
open-webui	open-webui	Affected: < 0.9.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-45675",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-19T03:55:45.762046Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-19T13:06:22.017Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "open-webui",
          "vendor": "open-webui",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.9.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler (signup_handler in auths.py, line 663) was explicitly patched to prevent this race with the comment \"Insert with default role first to avoid TOCTOU race\", but the LDAP and OAuth code paths were never updated with the same fix. This vulnerability is fixed in 0.9.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269: Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-15T19:12:57.665Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/open-webui/open-webui/security/advisories/GHSA-h3ww-q6xx-w7x3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-h3ww-q6xx-w7x3"
        },
        {
          "name": "https://github.com/open-webui/open-webui/pull/23626",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/open-webui/open-webui/pull/23626"
        },
        {
          "name": "https://github.com/open-webui/open-webui/commit/96a0b3239b1aadb23fc359bf10849c9ba12fd6ec",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/open-webui/open-webui/commit/96a0b3239b1aadb23fc359bf10849c9ba12fd6ec"
        }
      ],
      "source": {
        "advisory": "GHSA-h3ww-q6xx-w7x3",
        "discovery": "UNKNOWN"
      },
      "title": "Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-45675",
    "datePublished": "2026-05-15T19:12:57.665Z",
    "dateReserved": "2026-05-12T21:59:25.666Z",
    "dateUpdated": "2026-05-19T13:06:22.017Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-45675",
      "date": "2026-06-01",
      "epss": "0.00115",
      "percentile": "0.29901"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-45675\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-15T20:16:49.220\",\"lastModified\":\"2026-05-19T14:16:46.820\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler (signup_handler in auths.py, line 663) was explicitly patched to prevent this race with the comment \\\"Insert with default role first to avoid TOCTOU race\\\", but the LDAP and OAuth code paths were never updated with the same fix. This vulnerability is fixed in 0.9.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"},{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.9.0\",\"matchCriteriaId\":\"0FB90EC3-1665-446E-AA35-4AEC207A2F3B\"}]}]}],\"references\":[{\"url\":\"https://github.com/open-webui/open-webui/commit/96a0b3239b1aadb23fc359bf10849c9ba12fd6ec\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/open-webui/open-webui/pull/23626\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/open-webui/open-webui/security/advisories/GHSA-h3ww-q6xx-w7x3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-45675\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-19T03:55:45.762046Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-15T20:20:23.584Z\"}}], \"cna\": {\"title\": \"Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts\", \"source\": {\"advisory\": \"GHSA-h3ww-q6xx-w7x3\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"open-webui\", \"product\": \"open-webui\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.9.0\"}]}], \"references\": [{\"url\": \"https://github.com/open-webui/open-webui/security/advisories/GHSA-h3ww-q6xx-w7x3\", \"name\": \"https://github.com/open-webui/open-webui/security/advisories/GHSA-h3ww-q6xx-w7x3\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/open-webui/open-webui/pull/23626\", \"name\": \"https://github.com/open-webui/open-webui/pull/23626\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/open-webui/open-webui/commit/96a0b3239b1aadb23fc359bf10849c9ba12fd6ec\", \"name\": \"https://github.com/open-webui/open-webui/commit/96a0b3239b1aadb23fc359bf10849c9ba12fd6ec\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler (signup_handler in auths.py, line 663) was explicitly patched to prevent this race with the comment \\\"Insert with default role first to avoid TOCTOU race\\\", but the LDAP and OAuth code paths were never updated with the same fix. This vulnerability is fixed in 0.9.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269: Improper Privilege Management\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-362\", \"description\": \"CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-15T19:12:57.665Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-45675\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-19T13:06:22.017Z\", \"dateReserved\": \"2026-05-12T21:59:25.666Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-15T19:12:57.665Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-45675

Vulnerability from fkie_nvd - Published: 2026-05-15 20:16 - Updated: 2026-05-19 14:16

Severity

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/open-webui/open-webui/commit/96a0b3239b1aadb23fc359bf10849c9ba12fd6ec	Patch
security-advisories@github.com	https://github.com/open-webui/open-webui/pull/23626	Issue Tracking
security-advisories@github.com	https://github.com/open-webui/open-webui/security/advisories/GHSA-h3ww-q6xx-w7x3	Exploit, Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	openwebui	open_webui	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FB90EC3-1665-446E-AA35-4AEC207A2F3B",
              "versionEndExcluding": "0.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler (signup_handler in auths.py, line 663) was explicitly patched to prevent this race with the comment \"Insert with default role first to avoid TOCTOU race\", but the LDAP and OAuth code paths were never updated with the same fix. This vulnerability is fixed in 0.9.0."
    }
  ],
  "id": "CVE-2026-45675",
  "lastModified": "2026-05-19T14:16:46.820",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-05-15T20:16:49.220",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/open-webui/open-webui/commit/96a0b3239b1aadb23fc359bf10849c9ba12fd6ec"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/open-webui/open-webui/pull/23626"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-h3ww-q6xx-w7x3"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        },
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-H3WW-Q6XX-W7X3

Vulnerability from github – Published: 2026-05-14 20:28 – Updated: 2026-05-15 23:55

Summary

Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts

Details

Summary

The LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler (signup_handler in auths.py, line 663) was explicitly patched to prevent this race with the comment "Insert with default role first to avoid TOCTOU race", but the LDAP and OAuth code paths were never updated with the same fix.

Vulnerable Code

LDAP (auths.py, lines 479-490)

# Line 482 - CHECK: is the user table empty?
role = 'admin' if not Users.has_users(db=db) else request.app.state.config.DEFAULT_USER_ROLE

# Lines 484-490 - USE: create user with the role determined above
user = Auths.insert_new_auth(
    email=email,
    password=str(uuid.uuid4()),
    name=cn,
    role=role,   # <-- role was determined BEFORE insert, race window exists
    db=db,
)

OAuth (oauth.py, lines 1103-1112, 1566-1574)

# Line 1104 - CHECK: count users
def get_user_role(self, user, user_data):
    user_count = Users.get_num_users()
    if not user and user_count == 0:
        return 'admin'    # Line 1112

# Lines 1566-1574 - USE: create user with pre-determined role
user = Auths.insert_new_auth(
    ...
    role=self.get_user_role(None, user_data),  # Line 1571
    ...
)

Both paths determine the role BEFORE inserting the user, creating a race window where multiple concurrent requests on a fresh instance can all observe an empty database and all receive the admin role.

Comparison with Patched Signup

The signup_handler (auths.py, line 663) was explicitly fixed:

# Insert with default role first to avoid TOCTOU race
user = Auths.insert_new_auth(..., role=DEFAULT_USER_ROLE, ...)
# Then check if this is the only user and upgrade
if Users.get_num_users() == 1:
    Users.update_user_role_by_id(user.id, 'admin')

The LDAP and OAuth paths did NOT receive this fix.

Exploitation

Deploy Open WebUI with LDAP or OAuth enabled on a fresh instance (no existing users)
Send multiple concurrent authentication requests from different users
Multiple requests pass the has_users() / get_num_users() == 0 check simultaneously
All concurrent users become administrators

DATABASE_ENABLE_SESSION_SHARING defaults to False (env.py:387), so each call uses its own database session, widening the race window.

Impact

Any LDAP/OAuth user who times their first login concurrently with the legitimate first admin can escalate to full admin privileges, gaining access to all user data, system configuration, API keys, and connected LLM backends.

Suggested Fix

Apply the same insert-then-check pattern used in signup_handler: insert the user with DEFAULT_USER_ROLE first, then atomically check if this is the only user and upgrade to admin only if so.

Resolution

Fixed in PR #23626 (commit 96a0b3239), first released in v0.9.0 (Apr 2026). Both LDAP (routers/auths.py) and OAuth (utils/oauth.py) registration paths now use the same insert-first-check-after pattern that signup_handler already had:

Insert the new user with DEFAULT_USER_ROLE unconditionally — no pre-insert role decision based on user count.
After the insert commits, atomically call Users.get_num_users() == 1 to check whether this is the sole user.
Only the sole user gets promoted to admin via Users.update_user_role_by_id.

OAuthManager.get_user_role was also updated to return DEFAULT_USER_ROLE (not admin) for first-user bootstrap; admin promotion is deferred to the post-insert check above. With this ordering, two concurrent first-user registrations that both observe an empty table can both insert, but only one will see get_num_users() == 1 afterward — the other will see == 2 and not be promoted.

Users on >= 0.9.0 are not affected.

Severity

8.1 (High)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.8.12"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "open-webui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.9.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-45675"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-362"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-14T20:28:46Z",
    "nvd_published_at": "2026-05-15T20:16:49Z",
    "severity": "HIGH"
  },
  "details": "## Summary\n\nThe LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler (`signup_handler` in auths.py, line 663) was explicitly patched to prevent this race with the comment *\"Insert with default role first to avoid TOCTOU race\"*, but the LDAP and OAuth code paths were never updated with the same fix.\n\n## Vulnerable Code\n\n### LDAP (auths.py, lines 479-490)\n```python\n# Line 482 - CHECK: is the user table empty?\nrole = \u0027admin\u0027 if not Users.has_users(db=db) else request.app.state.config.DEFAULT_USER_ROLE\n\n# Lines 484-490 - USE: create user with the role determined above\nuser = Auths.insert_new_auth(\n    email=email,\n    password=str(uuid.uuid4()),\n    name=cn,\n    role=role,   # \u003c-- role was determined BEFORE insert, race window exists\n    db=db,\n)\n```\n\n### OAuth (oauth.py, lines 1103-1112, 1566-1574)\n```python\n# Line 1104 - CHECK: count users\ndef get_user_role(self, user, user_data):\n    user_count = Users.get_num_users()\n    if not user and user_count == 0:\n        return \u0027admin\u0027    # Line 1112\n\n# Lines 1566-1574 - USE: create user with pre-determined role\nuser = Auths.insert_new_auth(\n    ...\n    role=self.get_user_role(None, user_data),  # Line 1571\n    ...\n)\n```\n\nBoth paths determine the role BEFORE inserting the user, creating a race window where multiple concurrent requests on a fresh instance can all observe an empty database and all receive the `admin` role.\n\n## Comparison with Patched Signup\n\nThe `signup_handler` (auths.py, line 663) was explicitly fixed:\n```python\n# Insert with default role first to avoid TOCTOU race\nuser = Auths.insert_new_auth(..., role=DEFAULT_USER_ROLE, ...)\n# Then check if this is the only user and upgrade\nif Users.get_num_users() == 1:\n    Users.update_user_role_by_id(user.id, \u0027admin\u0027)\n```\n\nThe LDAP and OAuth paths did NOT receive this fix.\n\n## Exploitation\n\n1. Deploy Open WebUI with LDAP or OAuth enabled on a fresh instance (no existing users)\n2. Send multiple concurrent authentication requests from different users\n3. Multiple requests pass the `has_users()` / `get_num_users() == 0` check simultaneously\n4. All concurrent users become administrators\n\n`DATABASE_ENABLE_SESSION_SHARING` defaults to `False` (env.py:387), so each call uses its own database session, widening the race window.\n\n## Impact\n\nAny LDAP/OAuth user who times their first login concurrently with the legitimate first admin can escalate to full admin privileges, gaining access to all user data, system configuration, API keys, and connected LLM backends.\n\n## Suggested Fix\n\nApply the same insert-then-check pattern used in `signup_handler`: insert the user with `DEFAULT_USER_ROLE` first, then atomically check if this is the only user and upgrade to admin only if so.\n\n## Resolution\n\nFixed in PR [#23626](https://github.com/open-webui/open-webui/pull/23626) (commit [96a0b3239](https://github.com/open-webui/open-webui/commit/96a0b3239b1aadb23fc359bf10849c9ba12fd6ec)), first released in **v0.9.0** (Apr 2026). Both LDAP (`routers/auths.py`) and OAuth (`utils/oauth.py`) registration paths now use the same insert-first-check-after pattern that `signup_handler` already had:\n\n1. Insert the new user with `DEFAULT_USER_ROLE` unconditionally \u2014 no pre-insert role decision based on user count.\n2. After the insert commits, atomically call `Users.get_num_users() == 1` to check whether this is the sole user.\n3. Only the sole user gets promoted to `admin` via `Users.update_user_role_by_id`.\n\n`OAuthManager.get_user_role` was also updated to return `DEFAULT_USER_ROLE` (not `admin`) for first-user bootstrap; admin promotion is deferred to the post-insert check above. With this ordering, two concurrent first-user registrations that both observe an empty table can both insert, but only one will see `get_num_users() == 1` afterward \u2014 the other will see `== 2` and not be promoted.\n\nUsers on `\u003e= 0.9.0` are not affected.",
  "id": "GHSA-h3ww-q6xx-w7x3",
  "modified": "2026-05-15T23:55:05Z",
  "published": "2026-05-14T20:28:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-h3ww-q6xx-w7x3"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45675"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open-webui/open-webui/pull/23626"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open-webui/open-webui/commit/96a0b3239b1aadb23fc359bf10849c9ba12fd6ec"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/open-webui/open-webui"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open-webui/open-webui/releases/tag/v0.9.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-45675 (GCVE-0-2026-45675)

FKIE_CVE-2026-45675

GHSA-H3WW-Q6XX-W7X3

Summary

Vulnerable Code

LDAP (auths.py, lines 479-490)

OAuth (oauth.py, lines 1103-1112, 1566-1574)

Comparison with Patched Signup

Exploitation

Impact

Suggested Fix

Resolution

Tags

Sightings

Nomenclature