This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
History

Thu, 16 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Title Improper Privilege Management in open-webui/open-webui
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 16 Jul 2026 16:00:00 +0000

Type Values Removed Values Added
Description In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other administrators via the API endpoint `http://0.0.0.0:8080/api/v1/users/{uuid_administrator}`. This action is restricted by the user interface but can be performed through direct API calls. This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Wed, 15 Oct 2025 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269

Wed, 15 Oct 2025 13:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-863

Fri, 18 Jul 2025 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Openwebui
Openwebui open Webui
CPEs cpe:2.3:a:openwebui:open_webui:0.3.8:*:*:*:*:*:*:*
Vendors & Products Openwebui
Openwebui open Webui
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L'}


Thu, 20 Mar 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 20 Mar 2025 10:15:00 +0000

Type Values Removed Values Added
Description In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other administrators via the API endpoint `http://0.0.0.0:8080/api/v1/users/{uuid_administrator}`. This action is restricted by the user interface but can be performed through direct API calls.
Title Improper Privilege Management in open-webui/open-webui
Weaknesses CWE-269
References
Metrics cvssV3_0

{'score': 8.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L'}


cve-icon MITRE

Status: REJECTED

Assigner: @huntr_ai

Published:

Updated: 2026-07-16T15:37:20.286Z

Reserved: 2024-07-23T17:54:34.513Z

Link: CVE-2024-7039

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Modified

Published: 2025-03-20T10:15:35.483

Modified: 2026-06-17T08:19:14.807

Link: CVE-2024-7039

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-13T11:14:24Z