6 matches found

CNNVD
added 2026/05/15 12:0 a.m. | 7 views

Open WebUI Security Vulnerability

Open WebUI is an open-source, extensible, feature-rich, and user-friendly self-hosted web UI. Versions of Open WebUI prior to 0.9.0 contain security vulnerabilities. These vulnerabilities stem from the lack of authorization checks in the GET /api/tasks and POST /api/tasks/stop/taskid...

CVSS 7.1 | AI score 5.8 | EPSS 0.00043
Exploits: 1 | References: 1

Veracode
added 2025/12/13 7:32 a.m. | 2 views

Incorrect Access Control

open-webui is vulnerable to Incorrect Access Control. The vulnerability is due to missing ownership verification in the /api/tasks/stop/ API, allowing a normal user to stop arbitrary LLM response tasks by directly cancelling tasks without proper authorization checks...

CVSS 4.3 | AI score 5.9 | EPSS 0.00013
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2025/12/04 6:30 p.m. | 0 views

GHSA-FRV8-GFFC-37PX open-webui is Vulnerable to Incorrect Access Control

open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling a normal user to stop arbitrary LLM response tasks...

CVSS 5.3 | AI score 7 | EPSS 0.00013
Exploits: 1 | References: 4

OSV
added 2025/12/04 4:16 p.m. | 1 views

CVE-2025-63681

open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling a normal user to stop arbitrary LLM response tasks...

CVSS 4.3 | AI score 7
Exploits: 0 | References: 2

EUVD
added 2025/12/04 12:0 a.m. | 2 views

EUVD-2025-201164

open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling a normal user to stop arbitrary LLM response tasks...

AI score 6.5 | EPSS 0.00013
Exploits: 1 | References: 3

Positive Technologies
added 2025/12/04 12:0 a.m. | 2 views

PT-2025-49046

Name of the Vulnerable Software and Affected Versions: open-webui version 0.6.33

Description: The software contains a flaw related to access control. The /api/tasks/stop/ API endpoint allows direct access and cancellation of tasks without verifying user ownership. This enables an attacker, even a...

CVSS 5.3 | AI score 6.6 | EPSS 0.00013
Exploits: 1 | References: 8