Lucene search
+L

4 matches found

BDU FSTEC
BDU FSTEC
added 5 days ago4 views

The vulnerability of the Open WebUI web interface, related to the lack of permission checking, allows a violator to gain read access, modify data, and increase their privileges.

The vulnerability of the Open WebUI web interface relates to the lack of permission checking for workspace.models.import. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access, modify data, and enhance their privileges by sending a specially crafted POST...

6.8CVSS6.1AI score0.0029EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/15 7:30 p.m.26 views

CVE-2026-44562

Open WebUI vulnerability CVE-2026-44562 affects the model import flow. Before version 0.9.0, POST /api/v1/models/import allowed users with workspace.models_import to overwrite any existing model without ownership checks, merging the attacker payload into the target model when IDs match, and bypas...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

Open WebUI 安全漏洞

Open WebUI is an open-source, scalable, feature-rich, and user-friendly self-hosted WebUI. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the POST /api/v1/models/import endpoint, which allowed users with the workspace.models.import...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/08 7:52 p.m.9 views

Missing Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization through the importmodels process. An attacker can overwrite existing models owned by other users, modify their configuration, and escalate access by submitting crafted payloads to the...

7.1CVSS5.8AI score0.0029EPSS
Exploits1References2
Rows per page
Query Builder