CVE-2026-45666

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/noteid endpoint lacks proper authorization checks, allowing authenticated users to retrieve notes belonging to other users by guessing or enumerating UUIDs. Th...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-45666 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-45666 Source advisory: SNYK:PYTHON-OPENWEBUI-16725482...

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2026-45666 via open-webui (=0.6.0)

open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2026-45666 Source advisory: OSV:GHSA-X3QM-P8HR-3C3H...

CVE-2026-45666

creationtimestamp| type| source ---|---|--- 2026-05-11 19:03:58+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-x3qm-p8hr-3c3h...