{"id":"PYSEC-2026-435","summary":"Open WebUI has an LDAP Empty Password Authentication Bypass","details":"# LDAP Empty Password Authentication Bypass\n\n## Affected Component\n\n LDAP authentication endpoint:\n- `backend/open_webui/routers/auths.py` (lines 468-477, user bind with empty password)\n- `backend/open_webui/models/auths.py` (lines 58-60, `LdapForm` model)\n\n## Affected Versions\n\nCurrent main branch (commit `6fdd19bf1`) and likely all versions with LDAP authentication support.\n\n## Description\n\n The LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. Per RFC 4513 Section 5.1.2, a Simple Bind with a valid DN and an empty password constitutes an \"unauthenticated simple authentication\" — many LDAP servers (including OpenLDAP in default configuration and some Active Directory setups) return success (resultCode 0) for this operation.\n\nThe `LdapForm` Pydantic model accepts `password: str` with no minimum length constraint, so an empty string passes validation. The subsequent `Connection.bind()` call succeeds on vulnerable LDAP servers, and the application issues a full session token for the target user.\n\n```python\n# models/auths.py:58-60 — no min_length on password\nclass LdapForm(BaseModel):\n    user: str\n    password: str\n\n# auths.py:469-477 — empty password reaches LDAP bind\nconnection_user = Connection(\n    server,\n    user_dn,\n    form_data.password,    # can be \"\"\n    auto_bind='NONE',\n    authentication='SIMPLE',\n)\nif not await asyncio.to_thread(connection_user.bind):\n    raise HTTPException(400, 'Authentication failed.')\n\n# If bind succeeds (which it does with empty password on many servers),\n# execution continues and a full session token is issued\n```\n\n## CVSS 3.1 Breakdown\n\n| Metric | Value | Rationale |\n|--------|-------|-----------|\n| Attack Vector | Network (N) | Exploited remotely via the LDAP login endpoint |\n| Attack Complexity | Low (L) | Single request with an empty password field |\n| Privileges Required | None (N) | No prior authentication needed |\n| User Interaction | None (N) | No victim interaction required |\n| Scope | Unchanged (U) | Impact within the application's authentication boundary |\n| Confidentiality | High (H) | Full access to victim's account data — chats, files, API keys, settings |\n| Integrity | High (H) | Can modify victim's data, settings, send messages as victim |\n| Availability | None (N) | No direct denial of service |\n\n## Attack Scenario\n\n1. LDAP authentication is enabled on the Open WebUI instance.\n2. The underlying LDAP server accepts unauthenticated simple binds (OpenLDAP default, some AD configs).\n3. Attacker sends:\n   ```\n   POST /api/v1/auths/ldap\n   {\"user\": \"admin_username\", \"password\": \"\"}\n   ```\n4. The app DN bind succeeds normally (line 366), finds the target user via LDAP search.\n5. The user bind (line 469-477) sends a Simple Bind with the target's DN and an empty password.\n6. The LDAP server returns success for the unauthenticated bind.\n7. `authenticate_user_by_email` (line 507) issues a full session token for the target user.\n8. Attacker has complete access to the victim's account.\n\n## Impact\n\n- Complete authentication bypass — any LDAP user account can be taken over without knowing the password\n- Includes admin accounts if they authenticate via LDAP\n- No rate limiting on the LDAP endpoint (unlike the password signin endpoint)\n- Zero interaction required from the victim\n \n## Preconditions\n\n- LDAP must be enabled (`ENABLE_LDAP=True`, disabled by default)\n - The LDAP server must accept unauthenticated simple binds with empty passwords (OpenLDAP default behavior, configurable on AD)\n- Attacker must know a valid LDAP username","aliases":["CVE-2026-44551","GHSA-2r4p-jpmg-48f4"],"modified":"2026-06-29T12:15:32.556108497Z","published":"2026-06-29T11:50:50.111197Z","references":[{"type":"WEB","url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-2r4p-jpmg-48f4"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44551"},{"type":"PACKAGE","url":"https://github.com/open-webui/open-webui"},{"type":"PACKAGE","url":"https://pypi.org/project/open-webui"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-2r4p-jpmg-48f4"}],"affected":[{"package":{"name":"open-webui","ecosystem":"PyPI","purl":"pkg:pypi/open-webui"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.0"}]}],"versions":["0.1.124","0.1.125","0.2.0","0.2.1","0.2.2","0.2.3","0.2.4","0.2.5","0.3.0","0.3.1","0.3.10","0.3.12","0.3.13","0.3.14","0.3.15","0.3.16","0.3.17","0.3.17.dev2","0.3.17.dev3","0.3.17.dev4","0.3.17.dev5","0.3.18","0.3.19","0.3.2","0.3.20","0.3.21","0.3.22","0.3.23","0.3.24","0.3.25","0.3.26","0.3.27","0.3.27.dev1","0.3.27.dev2","0.3.27.dev3","0.3.28","0.3.29","0.3.3","0.3.30","0.3.30.dev1","0.3.30.dev2","0.3.31","0.3.31.dev1","0.3.32","0.3.33","0.3.33.dev1","0.3.34","0.3.35","0.3.4","0.3.5","0.3.6","0.3.7","0.3.8","0.3.9","0.4.0","0.4.0.dev1","0.4.0.dev2","0.4.1","0.4.2","0.4.3","0.4.4","0.4.5","0.4.6","0.4.6.dev1","0.4.7","0.4.8","0.5.0","0.5.0.dev1","0.5.0.dev2","0.5.1","0.5.10","0.5.11","0.5.12","0.5.13","0.5.14","0.5.15","0.5.16","0.5.17","0.5.18","0.5.19","0.5.2","0.5.20","0.5.3","0.5.3.dev1","0.5.4","0.5.5","0.5.6","0.5.7","0.5.8","0.5.9","0.6.0","0.6.1","0.6.10","0.6.11","0.6.12","0.6.13","0.6.14","0.6.15","0.6.16","0.6.18","0.6.19","0.6.2","0.6.20","0.6.21","0.6.22","0.6.23","0.6.24","0.6.25","0.6.26","0.6.26.dev1","0.6.27","0.6.28","0.6.29","0.6.3","0.6.30","0.6.31","0.6.32","0.6.33","0.6.34","0.6.35","0.6.36","0.6.37","0.6.38","0.6.39","0.6.4","0.6.40","0.6.41","0.6.42","0.6.43","0.6.5","0.6.6","0.6.6.dev1","0.6.7","0.6.8","0.6.9","0.7.0","0.7.1","0.7.2","0.8.0","0.8.1","0.8.10","0.8.11","0.8.12","0.8.2","0.8.3","0.8.4","0.8.5","0.8.6","0.8.7","0.8.8","0.8.9"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/open-webui/PYSEC-2026-435.yaml","last_known_affected_version_range":"\u003c= 0.8.12"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}