CVE-2026-44563 Open WebUI: Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints accept any model name from the user and forward the request to the Ollama backend without checking whether the...

Ollama Unauthenticated Access

By default, Ollama does not require authentication to access the application. This allows an attacker to perform arbitrary modifications on experiments or models in the web interface. This detection is included in the AI and LLM category. No source data...