CVE-2026-45351 Open WebUI: Exposure of System Prompt to Regular User [Non-Admin]

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular user non-admin logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt of...

CVE-2026-45351 Open WebUI: Exposure of System Prompt to Regular User [Non-Admin]

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular user non-admin logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt of...

Information Exposure

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Information Exposure via the api/models endpoint. An attacker can access sensitive system prompt information by sending authenticated requests as a non-admin user. Remediation Upgrade open-webui to version...

GHSA-JH9G-8JQW-M2QX Open WebUI Exposes System Prompt to Regular User [Non-Admin]

Summary A regular user non-admin can view the system prompt of the model which is set by an admin. Details When a regular user non-admin logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt of available...

PT-2026-41181

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.9 Description When a non-administrative user logs into the application, a web request to the '/api/models?' endpoint is initiated. The response from this request reveals the system prompts of available models...

CVE-2026-35619

OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endpoint that fails to enforce operator read scope requirements. Attackers with only operator.approvals scope can enumerate gateway model metadata through the HTTP compatibility route, bypassing the...

CVE-2026-35619

CVE-2026-35619 affects OpenClaw prior to 2026.3.24. The vulnerable component is the HTTP /v1/models endpoint, which fails to enforce operator.read scope, allowing attackers with operator.approvals to enumerate gateway model metadata via the HTTP compatibility route and bypass WebSocket RPC author...

CVE-2026-35619

OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endpoint that fails to enforce operator read scope requirements. Attackers with only operator.approvals scope can enumerate gateway model metadata through the HTTP compatibility route, bypassing the...

CVE-2026-35619 OpenClaw < 2026.3.24 - Authorization Bypass via HTTP /v1/models Endpoint

OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endpoint that fails to enforce operator read scope requirements. Attackers with only operator.approvals scope can enumerate gateway model metadata through the HTTP compatibility route, bypassing the...

CVE-2026-35619 OpenClaw < 2026.3.24 - Authorization Bypass via HTTP /v1/models Endpoint

OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endpoint that fails to enforce operator read scope requirements. Attackers with only operator.approvals scope can enumerate gateway model metadata through the HTTP compatibility route, bypassing the...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.24 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypasses in the HTTP/v1/models endpoints, which failed to enforce the requirement for...

OpenClaw has a Gateway HTTP /v1/models Route Bypasses Operator Read Scope

Fixed in OpenClaw 2026.3.24, the current shipping release. Summary The OpenAI-compatible HTTP endpoint /v1/models accepts bearer auth but does not enforce operator method scopes. In contrast, the WebSocket RPC path enforces operator.read for models.list. A caller connected with operator.approvals...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the /v1/models HTTP endpoint, which does not enforce the required operator read scope. An attacker can access and enumerate model metadata by sending...

EUVD-2025-6939

Malicious code in bioql PyPI...

CVE-2024-8616

In h2oai/h2o-3 version 3.46.0, the /99/Models/name/json endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for...