Open WebUI
cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*
- <= 0.7.2
A vulnerability in Open WebUI versions through 0.7.2 allows unauthenticated users to access the GET /api/v1/memories/ef endpoint. This endpoint, which is reachable without authentication, triggers the EMBEDDING_FUNCTION with a hard-coded parameter. As a result, any unauthenticated caller can initiate embedding generation, potentially leading to direct costs if a paid embedding provider is used. Additionally, this vulnerability could be exploited to consume server resources, causing a denial-of-service effect.
Exploitation of this vulnerability allows for unauthorized embedding generation, which can result in unexpected charges when using paid embedding services. It also enables the consumption of CPU or GPU resources, creating a denial-of-service condition by degrading performance and availability for legitimate users.
To reproduce this vulnerability, start Open WebUI in its default configuration, ensuring that the ENABLE_MEMORIES feature is turned on. Then, from an unauthenticated client, send a request to the /api/v1/memories/ef endpoint. The server will respond by performing embedding generation and returning the result, indicating that the vulnerability has been successfully exploited.
Users can upgrade to Open WebUI version 0.8.0 or later, where this vulnerability has been fixed by removing the unauthenticated endpoint entirely.
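An added detection example (not code from Open WebUI or from the advisory): it scans access-log lines for successful GET requests to /api/v1/memories/ef and flags clients that repeat them inside a sliding time window, the repeated-embedding pattern behind the cost and resource-exhaustion impact described above. The Combined Log Format, the sample IP addresses and the thresholds are assumptions; the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

TARGET_PATH = "/api/v1/memories/ef"  # the unauthenticated route named in the advisory

# Constructed sample lines in Combined Log Format (not real Open WebUI logs).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2025:12:00:01 +0000] "GET /api/v1/memories/ef HTTP/1.1" 200 5120 "-" "curl/8.4.0"
203.0.113.7 - - [10/Jan/2025:12:00:03 +0000] "GET /api/v1/memories/ef HTTP/1.1" 200 5120 "-" "curl/8.4.0"
203.0.113.7 - - [10/Jan/2025:12:00:04 +0000] "GET /api/v1/memories/ef HTTP/1.1" 200 5120 "-" "curl/8.4.0"
203.0.113.7 - - [10/Jan/2025:12:00:08 +0000] "GET /api/v1/memories/ef HTTP/1.1" 200 5120 "-" "curl/8.4.0"
203.0.113.7 - - [10/Jan/2025:12:00:09 +0000] "GET /api/v1/memories/ef HTTP/1.1" 200 5120 "-" "curl/8.4.0"
198.51.100.4 - - [10/Jan/2025:12:00:10 +0000] "GET /api/v1/memories/ef HTTP/1.1" 200 5120 "-" "python-requests/2.31"
192.0.2.9 - - [10/Jan/2025:12:00:12 +0000] "GET /api/v1/models HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def endpoint_hits(log_text, path=TARGET_PATH):
    """Timestamps of successful (2xx) GETs to `path`, keyed by client IP. On a fixed
    release (0.8.0+) the route is gone, so any 2xx here means an unpatched instance."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET" or m["path"].split("?", 1)[0] != path:
            continue
        if 200 <= int(m["status"]) < 300:
            hits[m["ip"]].append(datetime.strptime(m["ts"], TS_FMT))
    return dict(hits)

def burst_sources(log_text, window_seconds=60, threshold=5):
    """Client IPs whose peak hit count inside any sliding window of `window_seconds`
    reaches `threshold`, i.e. one caller driving repeated embedding generation."""
    window, flagged = timedelta(seconds=window_seconds), {}
    for ip, times in endpoint_hits(log_text).items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged
```

Run it over a reverse-proxy access log; a non-empty result from `burst_sources` on an instance that is still at 0.7.2 or earlier is worth treating as abuse of this endpoint.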