Lucene search
K

6 matches found

NVD
NVD
added 2026/05/15 10:16 p.m.14 views

CVE-2026-45365

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, an internal-only bypassfilter parameter is exposed on the /openai/chat/completions and /ollama/api/chat HTTP endpoints via FastAPI query string binding, allowing any authenticated...

5.4CVSS0.00193EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

Open WebUI 授权问题漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under the open source Open WebUI project. Versions of Open WebUI prior to 0.8.11 had an authorization issue vulnerability. This vulnerability stemmed from the internal bypassfilter parameter being exposed through FastA...

5.4CVSS5.8AI score0.00193EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/14 8:25 p.m.10 views

Improper Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Improper Authorization via the bypassfilter parameter in the HTTP query string, which is unintentionally exposed in the route handler. An attacker can gain unauthorized access to restricted models by appendin...

5.4CVSS5.8AI score0.00193EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/08 7:52 p.m.11 views

Missing Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the generatecompletion, embed, embeddings, and showmodelinfo functions. An attacker can access restricted model information and consume compute resources by sending crafted API reques...

5.4CVSS5.8AI score0.00238EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/08 7:45 p.m.9 views

Missing Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization through the /responses endpoint, which fails to enforce per-model access control. An attacker can interact with any configured model, including those restricted by administrators, by...

7.1CVSS5.9AI score0.00306EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/08 7:45 p.m.11 views

Missing Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the basemodelid process. An attacker can gain unauthorized access to restricted models by creating a new model that chains to a restricted base model and invoking it, causing the serv...

7.6CVSS5.8AI score0.00248EPSS
Exploits1References2
Rows per page
Query Builder