Home > Vulnerability Database > CVE-2024-7036

Mend.io Vulnerability Database

CVE-2024-7036

Date: March 20, 2025

A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel to become unresponsive. This prevents administrators from performing essential user management actions such as deleting, editing, or adding users. The vulnerability can also be exploited by authenticated users with low privileges, leading to the same unresponsive state in the Admin panel.

Severity Score

7.5

Related Resources (4)

Url: https://huntr.com/bounties/ba62d093-ab27-48fa-9c53-0602c8cdc48a

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-7036

Url: https://github.com/open-webui/open-webui

Url: https://www.mend.io/vulnerability-database/CVE-2024-7036

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-7036

Date: March 20, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?