3 matches found
CVE-2026-45350
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vulnerability in chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. In the chatcompletion API, t...
CVE-2026-45350
Open WebUI (self-hosted AI platform) has a vulnerability in the chat_completion API prior to version 0.8.6 where user-supplied tool_ids/tool_servers are used to build a tools_dict without permission checks. This allows invoking any server tool using the server’s credentials, bypassing tool restri...
openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-45350 via open-webui (=0.6.0)
open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-45350 Source advisory: OSV:GHSA-4PCG-253R-RF9W...