Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/05/15 9:23 p.m.12 views

CVE-2026-45350 Open WebUI: Chat completion API allows tool restrictions to be bypassed

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vulnerability in chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. In the chatcompletion API, t...

7.1CVSS5.8AI score0.0026EPSS
Exploits1References1
CVE
CVE
added 2026/05/15 9:23 p.m.30 views

CVE-2026-45350

Open WebUI (self-hosted AI platform) has a vulnerability in the chat_completion API prior to version 0.8.6 where user-supplied tool_ids/tool_servers are used to build a tools_dict without permission checks. This allows invoking any server tool using the server’s credentials, bypassing tool restri...

7.1CVSS5.8AI score0.0026EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/15 9:23 p.m.3 views

CVE-2026-45350 Open WebUI: Chat completion API allows tool restrictions to be bypassed

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vulnerability in chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. In the chatcompletion API, t...

7.1CVSS7AI score0.0026EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/15 9:23 p.m.105 views

CVE-2026-45350 Open WebUI: Chat completion API allows tool restrictions to be bypassed

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vulnerability in chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. In the chatcompletion API, t...

7.1CVSS0.0026EPSS
Exploits1References1
Rows per page
Query Builder