CVE-2026-45351

6.5 MEDIUM

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline

Published: 2026-05-15 · Last updated: 2026-05-18

Severity and scoring

CVSS: 6.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-200

Affected products

Vendor	Product
openwebui	open_webui

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular user [non-admin] logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt of available models set by admin on models pages in workspace affecting the confidentiality of application. This vulnerability is fixed in 0.8.9.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-45351
[Vendor advisory]https://github.com/open-webui/open-webui/security/advisories/GHSA-jh9g-8jqw-m2qx
[Vendor advisory]https://github.com/open-webui/open-webui/security/advisories/GHSA-jh9g-8jqw-m2qx

Related CVEs

Same vendor

CVE-2026-45667 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (6.5 MEDIUM)
CVE-2026-45666 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (6.5 MEDIUM)
CVE-2026-45665 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (8.1 HIGH)
CVE-2026-45365 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (5.4 MEDIUM)
CVE-2026-45350 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (7.1 HIGH)

Same CWE

CVE-2026-45329 — ESF-IDF is the Espressif Internet of Things (IOT) Development Framework (7.1 HIGH)
CVE-2026-50508 — Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a net... (6.5 MEDIUM)
CVE-2026-47284 — Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information ... (6.5 MEDIUM)
CVE-2026-45594 — Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacke... (5.5 MEDIUM)
CVE-2026-42973 — Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally (5.5 MEDIUM)