Lucene search
K

4 matches found

OSV
OSV
added 2026/05/15 9:3 p.m.2 views

CVE-2026-44569 Open WebUI: Insecure Message Access Breaks Authorization

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, there's an IDOR in the channels message management system that allows authenticated users to modify or delete any message within channels they have read access to. The vulnerability...

7.1CVSS6AI score0.00266EPSS
Exploits1References3
CVE
CVE
added 2026/05/15 9:3 p.m.28 views

CVE-2026-44569

Open WebUI CVE-2026-44569 describes an IDOR in the channel messages management system. Before version 0.6.19, authenticated users could modify or delete any message in channels they can read because message ownership validation was missing in the backend update/delete endpoints, even though the f...

7.1CVSS5.8AI score0.00266EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/11 2:4 p.m.7 views

GHSA-JXWR-G6R6-J3FX Open WebUI's Insecure Message Access Breaks Authorization

Description There's an IDOR in the channels message management system that allows authenticated users to modify or delete any message within channels they have read access to. The vulnerability exists in the message update and delete endpoints, which implement channel-level authorization but...

7.1CVSS5.8AI score0.00266EPSS
Exploits1References3
OSV
OSV
added 2022/07/28 5:15 p.m.12 views

CVE-2016-4427

In zulip before 1.3.12, deactivated users could access messages if SSO was enabled...

7.5CVSS6.8AI score
Exploits0References1
Rows per page
Query Builder