Lucene search
K

5 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/15 9:5 p.m.7 views

CVE-2026-44570

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization controls surrounding the memories API were inconsistent, resulting in the ability of a standard user to delete, restore, and view the contents of other users' memories...

8.3CVSS5.8AI score0.00294EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/15 9:5 p.m.11 views

CVE-2026-44570 Open WebUI: Inconsistent authorization controls within memories API

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization controls surrounding the memories API were inconsistent, resulting in the ability of a standard user to delete, restore, and view the contents of other users' memories...

8.3CVSS5.8AI score0.00294EPSS
Exploits1References1
CVE
CVE
added 2026/05/15 9:5 p.m.21 views

CVE-2026-44570

CVE-2026-44570 affects Open WebUI prior to version 0.6.19, where authorization controls around the memories API were inconsistent. A non-admin user could query, view, delete, or attempt to modify another user’s memories via endpoints such as POST /api/v1/memories/query, POST /api/v1/memories/{mem...

8.3CVSS5.8AI score0.00294EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/15 9:5 p.m.3 views

CVE-2026-44570 Open WebUI: Inconsistent authorization controls within memories API

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization controls surrounding the memories API were inconsistent, resulting in the ability of a standard user to delete, restore, and view the contents of other users' memories...

8.3CVSS6AI score0.00294EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/11 2:25 p.m.12 views

Open WebUI has inconsistent authorization controls within memories API

Summary Authorization controls surrounding the memories API were inconsistent, resulting in the ability of a standard user to delete, restore, and view the contents of other users' memories. Details Using a newly created non-admin user with no existing memories, it is possible to view existing...

8.3CVSS5.8AI score0.00294EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder