Open Web UI PDF Generation Service Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in open-webui/open-webui version 0.3.10. The issue arises in the 'api/v1/utils/pdf' endpoint, which lacks authentication, allowing unauthenticated attackers to access the PDF generation service. Exploitation involves sending a POST request with a large payload, potentially exhausting server resources and causing a denial-of-service condition. Additionally, unauthorized users can generate PDFs through this endpoint without any verification, leading to service misuse and possible operational and financial repercussions.

Impact

Exploitation of this vulnerability can cause server resource exhaustion, leading to a denial-of-service condition.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Open Web UI PDF Generation Service Denial-of-Service Vulnerability

Vulnerability

Impact

Affected Products

open-webui/open-webui

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating