31 matches found
CVE-2026-45345 Open WebUI: Missing authorization check at the model update function - models from other users can be updated
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.7, a user can modify another user's model even if its visibility is set to Private. By changing the access permissions during editing, unauthorized access can be gained. This...
CVE-2026-45365
Open WebUI suffers a parameter binding flaw: an internal bypass_filter parameter was exposed in the HTTP handlers for /openai/chat/completions and /ollama/api/chat via FastAPI query binding. This allowed any authenticated user to append ?bypass_filter=true and skip the ACL check, enabling access ...
CVE-2026-45365 Open WebUI: Authenticated users can bypass model access control via exposed query parameter
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, an internal-only bypassfilter parameter is exposed on the /openai/chat/completions and /ollama/api/chat HTTP endpoints via FastAPI query string binding, allowing any authenticated...
CVE-2026-45365
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, an internal-only bypassfilter parameter is exposed on the /openai/chat/completions and /ollama/api/chat HTTP endpoints via FastAPI query string binding, allowing any authenticated...
CVE-2026-45365 Open WebUI: Authenticated users can bypass model access control via exposed query parameter
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, an internal-only bypassfilter parameter is exposed on the /openai/chat/completions and /ollama/api/chat HTTP endpoints via FastAPI query string binding, allowing any authenticated...
CVE-2026-44556
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /responses endpoint in the OpenAI router accepts any authenticated user and forwards requests directly to upstream LLM providers without enforcing per-model access control. While...
EUVD-2026-30624
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /responses endpoint in the OpenAI router accepts any authenticated user and forwards requests directly to upstream LLM providers without enforcing per-model access control. While...
CVE-2026-44556 Open WebUI: responses passthrough endpoint lacks access control authorization
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /responses endpoint in the OpenAI router accepts any authenticated user and forwards requests directly to upstream LLM providers without enforcing per-model access control. While...
CVE-2026-44556
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /responses endpoint in the OpenAI router accepts any authenticated user and forwards requests directly to upstream LLM providers without enforcing per-model access control. While...
EUVD-2026-30614
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints accept any model name from the user and forward the request to the Ollama backend without checking whether the...
CVE-2026-44563
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints accept any model name from the user and forward the request to the Ollama backend without checking whether the...
CVE-2026-44563 Open WebUI: Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints accept any model name from the user and forward the request to the Ollama backend without checking whether the...
CVE-2026-44563
Open WebUI/Open WebUI’s Ollama integration vulnerability (CVE-2026-44563) affects the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints. These endpoints forward a user-supplied model name to the Ollama backend without enforcing AccessGrants.has_access(), effectively bypassing mo...
Open WebUI: Authenticated users can bypass model access control via exposed query parameter [AI-ASSISTED]
Summary An internal-only bypassfilter parameter is exposed on the /openai/chat/completions and /ollama/api/chat HTTP endpoints via FastAPI query string binding, allowing any authenticated user to append ?bypassfilter=true and bypass model access control checks to invoke admin-restricted models...
GHSA-V6QF-75PR-P96M Open WebUI: Authenticated users can bypass model access control via exposed query parameter [AI-ASSISTED]
Summary An internal-only bypassfilter parameter is exposed on the /openai/chat/completions and /ollama/api/chat HTTP endpoints via FastAPI query string binding, allowing any authenticated user to append ?bypassfilter=true and bypass model access control checks to invoke admin-restricted models...
PT-2026-41183
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.11 Description An internal-only bypass filter parameter is exposed on the '/openai/chat/completions' and '/ollama/api/chat' HTTP endpoints due to FastAPI query string binding. This allows any authenticated user...
Open WebUI's Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show
Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show Affected Component Ollama proxy endpoints missing model access control: - backend/openwebui/routers/ollama.py lines 955-995, generatecompletion - backend/openwebui/routers/ollama.py lines 835-881, emb...
GHSA-RCVP-6FGW-C7FH Open WebUI's Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show
Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show Affected Component Ollama proxy endpoints missing model access control: - backend/openwebui/routers/ollama.py lines 955-995, generatecompletion - backend/openwebui/routers/ollama.py lines 835-881, emb...
GHSA-HP5M-24VP-VQ2Q Open WebUI's responses passthrough endpoint lacks access control authorization
Summary The /responses endpoint in the OpenAI router accepts any authenticated user and forwards requests directly to upstream LLM providers without enforcing per-model access control. While the primary chat completion endpoint generatechatcompletion checks model ownership, group membership, and...
Open WebUI's responses passthrough endpoint lacks access control authorization
Summary The /responses endpoint in the OpenAI router accepts any authenticated user and forwards requests directly to upstream LLM providers without enforcing per-model access control. While the primary chat completion endpoint generatechatcompletion checks model ownership, group membership, and...