CVE-2026-44569

7.1 HIGH

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline

Published: 2026-05-15 · Last updated: 2026-05-19

Severity and scoring

CVSS: 7.1 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
CWE: CWE-862

Affected products

Vendor	Product
openwebui	open_webui

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, there's an IDOR in the channels message management system that allows authenticated users to modify or delete any message within channels they have read access to. The vulnerability exists in the message update and delete endpoints, which implement channel-level authorization but completely lack message ownership validation. While the frontend correctly implements ownership checks (showing edit/delete buttons only for message owners or admins), the backend APIs bypass these protections by only validating channel access permissions without verifying that the requesting user owns the target message. This creates a client-side security control bypass where attackers can directly call the APIs to modify other users' messages. This vulnerability is fixed in 0.6.19.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-44569
[Vendor advisory]https://github.com/open-webui/open-webui/security/advisories/GHSA-jxwr-g6r6-j3fx
[Vendor advisory]https://github.com/open-webui/open-webui/security/advisories/GHSA-jxwr-g6r6-j3fx

Related CVEs

Same vendor

CVE-2026-45667 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (6.5 MEDIUM)
CVE-2026-45666 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (6.5 MEDIUM)
CVE-2026-45665 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (8.1 HIGH)
CVE-2026-45365 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (5.4 MEDIUM)
CVE-2026-45351 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (6.5 MEDIUM)

Same CWE

CVE-2026-12105 — Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplicat...
CVE-2026-53866 — OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators ... (8.1 HIGH)
CVE-2026-53851 — OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite... (5.3 MEDIUM)
CVE-2026-53850 — OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated caller... (5.5 MEDIUM)
CVE-2026-53844 — OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated call... (6.5 MEDIUM)