Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.9 views

CVE-2026-45396

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...

5.4CVSS5.6AI score0.00307EPSS
Exploits1References1
NVD
NVD
added 2026/05/15 9:16 p.m.29 views

CVE-2026-45396

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...

5.4CVSS0.00307EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 8:33 p.m.18 views

EUVD-2026-30630

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...

5.4CVSS5.9AI score0.00307EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 8:33 p.m.9 views

CVE-2026-45396

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...

5.4CVSS5.9AI score0.00307EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/05/15 8:33 p.m.3 views

CVE-2026-45396 Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...

5.4CVSS6.3AI score0.00307EPSS
Exploits1References3
Rows per page
Query Builder