6 matches found
CVE-2026-45365
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, an internal-only bypassfilter parameter is exposed on the /openai/chat/completions and /ollama/api/chat HTTP endpoints via FastAPI query string binding, allowing any authenticated...
Open WebUI 授权问题漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under the open source Open WebUI project. Versions of Open WebUI prior to 0.8.11 had an authorization issue vulnerability. This vulnerability stemmed from the internal bypassfilter parameter being exposed through FastA...
Improper Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Improper Authorization via the bypassfilter parameter in the HTTP query string, which is unintentionally exposed in the route handler. An attacker can gain unauthorized access to restricted models by appendin...
Missing Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the generatecompletion, embed, embeddings, and showmodelinfo functions. An attacker can access restricted model information and consume compute resources by sending crafted API reques...
Missing Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization through the /responses endpoint, which fails to enforce per-model access control. An attacker can interact with any configured model, including those restricted by administrators, by...
Missing Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the basemodelid process. An attacker can gain unauthorized access to restricted models by creating a new model that chains to a restricted base model and invoking it, causing the serv...