Lucene search
+L

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/15 9:3 p.m.7 views

CVE-2026-44569

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, there's an IDOR in the channels message management system that allows authenticated users to modify or delete any message within channels they have read access to. The vulnerability...

7.1CVSS5.8AI score0.00266EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/05/11 2:4 p.m.7 views

GHSA-JXWR-G6R6-J3FX Open WebUI's Insecure Message Access Breaks Authorization

Description There's an IDOR in the channels message management system that allows authenticated users to modify or delete any message within channels they have read access to. The vulnerability exists in the message update and delete endpoints, which implement channel-level authorization but...

7.1CVSS5.8AI score0.00266EPSS
Exploits1References3
CNVD
CNVD
added 2026/04/08 12:0 a.m.8 views

OpenClaw Access Control Error Vulnerability (CNVD-2026-16624)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. A security vulnerability exists in versions prior to OpenClaw 2026.3.12 that stems from a weak authorization issue in the Zalouser whitelisting schema that matches variable group display names instead of stable group...

9.8CVSS5.8AI score0.00335EPSS
Exploits0
NVD
NVD
added 2026/03/29 1:17 p.m.9 views

CVE-2026-32975

OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode that matches mutable group display names instead of stable group identifiers. Attackers can create groups with identical names to allowlisted groups to bypass channel authorization and route messages...

9.8CVSS0.00335EPSS
Exploits0References2
Rows per page
Query Builder