2485 matches found
CVE-2026-44558 Open WebUI: Channel Access Grants Bypass filter_allowed_access_grants
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the channel router does not call filterallowedaccessgrants on either create or update paths. A non-admin user who can create group channels or who owns a channel can submit arbitrary...
CVE-2026-44558
Open WebUI contains a vulnerability in the channel access grants path prior to version 0.9.0. The channel router does not call filter_allowed_access_grants on create or update, allowing a non-admin user who can create or own a group channel to submit arbitrary access grants (including public wild...
CVE-2026-41702
VMware Fusion is affected by a local privilege escalation TOCTOU flaw in a SETUID binary (CVE-2026-41702). The issue allows a non-administrative local user to escalate to root on systems with Fusion installed. Connected advisories confirm a fix in Fusion 26H1; the remediation is to apply the 26H1...
GHSA-JH9G-8JQW-M2QX Open WebUI Exposes System Prompt to Regular User [Non-Admin]
Summary A regular user non-admin can view the system prompt of the model which is set by an admin. Details When a regular user non-admin logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt of available...
Open WebUI's chat completion API allows tool restrictions to be bypassed
Summary Open WebUI v0.6.43 contains a vulnerability in its chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. Details In the chatcompletion API, the parameters toolids and toolservers are supplied by the user. These...
Valtimo 代码注入漏洞
Valtimo is an open-source low-code platform for business process automation developed by Valtimo in the Netherlands. Versions of Valtimo from 12.0.0 to 12.32.0 contained a code injection vulnerability. This vulnerability stemmed from the use of StandardEvaluationContext to evaluate Spring...
CVE-2026-0235
A race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally authenticated non-admin user to bypass certain access and data control policies...
CVE-2026-0246 Prisma Access Agent: Local Privilege Escalation Vulnerability
A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. This allows the user to execute arbitrary code an...
CVE-2026-0246
CVE-2026-0246: Prisma Access Agent contains a privilege management flaw that allows a locally authenticated non-administrative user to escalate to root on macOS/Linux or NT AUTHORITY\SYSTEM on Windows, enabling arbitrary code execution and access to privileged data. Affected: Prisma Access Agent ...
CVE-2026-0237
An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send unauthorized commands t...
CVE-2026-0235
CVE-2026-0235 is a race-condition vulnerability in Palo Alto Networks Prisma Browser. The description states that a locally authenticated non-admin user can bypass certain access and data control policies due to this race condition. No specific vulnerable components, versions, or root-cause detai...
PT-2026-40747
Name of the Vulnerable Software and Affected Versions Prisma Browser affected versions not specified Description A race condition allows a locally authenticated non-admin user to bypass specific access and data control policies. A race condition is a situation where the system's substantive...
PT-2026-40770
Name of the Vulnerable Software and Affected Versions Palo Alto Networks Prisma Access Agent affected versions not specified Description A flaw in the privilege management mechanism allows a locally authenticated non-administrative user to escalate privileges to root on macOS and Linux, or NT...
PT-2026-40748
Name of the Vulnerable Software and Affected Versions Prisma Browser on macOS affected versions not specified Description A code injection issue exists where the software fails to properly restrict access to its AppleScript interface. This allows a locally authenticated non-admin user to use an...
EUVD-2026-29209
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiobookshelf ZIP file entirely into memory using zip.entryData, with no limit on the decompressed size. The upload middleware als...
CVE-2026-42886
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiobookshelf ZIP file entirely into memory using zip.entryData, with no limit on the decompressed size. The upload middleware als...
CVE-2026-42312
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The option "general",...
CVE-2026-42607 Grav: Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with administrative privileges can achieve Remote Code Execution RCE by uploading a specially crafted ZIP file through the "Direct Install" tool. While the system attempts to block direct .php file uploads, it fails t...
GHSA-HMJQ-CRXP-7RJW Open WebUI has inconsistent authorization controls within memories API
Summary Authorization controls surrounding the memories API were inconsistent, resulting in the ability of a standard user to delete, restore, and view the contents of other users' memories. Details Using a newly created non-admin user with no existing memories, it is possible to view existing...
GHSA-7RJH-PX4V-5W55 Open WebUI's Channel Access Grants Bypass filter_allowed_access_grants
Channel Access Grants Bypass filterallowedaccessgrants Affected Component Channel creation and update endpoints: - backend/openwebui/routers/channels.py lines 291-340, createnewchannel - backend/openwebui/routers/channels.py lines 617-638, updatechannelbyid - backend/openwebui/models/channels.py...