Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the GET /api/v1/channels/{id}/members endpoint only checks membership for group and dm channel types (lines 467-469). For standard channels — including private ones — there is no channel_has_access check before returning the member list. Any authenticated user who knows a private channel's UUID can enumerate all users with access to that channel. This vulnerability is fixed in 0.9.0.
Published: 2026-05-15
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Before 0.9.0, the GET /api/v1/channels/{id}/members endpoint in Open WebUI performed no authorization check for standard channels. Any authenticated user who knows the UUID of a private standard channel can therefore retrieve the full list of users with access to it. The result is an information disclosure of channel membership, classified as missing authorization (CWE-862).
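The shape of the defect, as an added illustration written for this page rather than taken from Open WebUI: a membership check that is applied only to some channel types, beside a version that applies one access check to every channel. The in-memory model (Channel, CHANNELS, MEMBERS, Forbidden, list_members_vulnerable, list_members_fixed, member_list_or_none) is an assumption made for the example; the advisory only states that channel_has_access exists and was not called for standard channels, so the access rule given to it here is also assumed.

```python
"""Constructed model of the missing access check described for CVE-2026-44559.

Not Open WebUI's code. A toy in-memory set of channels and memberships shows
why gating the member list by channel type leaks private standard channels,
and what a uniform check looks like. All names below are assumptions except
channel_has_access and the channel types "group" and "dm", which the advisory
mentions; the access semantics given to channel_has_access are assumed too.
"""
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the requesting user may not read the channel's members."""


@dataclass(frozen=True)
class Channel:
    id: str
    type: str       # "standard", "group" or "dm"
    private: bool   # only meaningful for "standard" channels


# Constructed sample data: a private and a public standard channel, a group, a dm.
CHANNELS = {
    "ch-private": Channel("ch-private", "standard", private=True),
    "ch-public": Channel("ch-public", "standard", private=False),
    "ch-group": Channel("ch-group", "group", private=True),
    "ch-dm": Channel("ch-dm", "dm", private=True),
}
MEMBERS = {
    "ch-private": {"alice", "bob"},
    "ch-public": {"alice", "bob", "carol"},
    "ch-group": {"alice", "carol"},
    "ch-dm": {"bob", "carol"},
}


def channel_has_access(user_id: str, channel: Channel) -> bool:
    """Single source of truth for read access (assumed rule): public standard
    channels are readable by any authenticated user, everything else needs
    membership."""
    if channel.type == "standard" and not channel.private:
        return True
    return user_id in MEMBERS.get(channel.id, set())


def list_members_vulnerable(user_id: str, channel_id: str) -> set[str]:
    """Pre-0.9.0 shape: only group and dm channels are gated, so a private
    standard channel falls through to the member list."""
    channel = CHANNELS[channel_id]
    if channel.type in ("group", "dm"):
        if user_id not in MEMBERS.get(channel_id, set()):
            raise Forbidden(channel_id)
    return set(MEMBERS.get(channel_id, set()))


def list_members_fixed(user_id: str, channel_id: str) -> set[str]:
    """Hardened shape: one access check, applied regardless of channel type."""
    channel = CHANNELS[channel_id]
    if not channel_has_access(user_id, channel):
        raise Forbidden(channel_id)
    return set(MEMBERS.get(channel_id, set()))


def member_list_or_none(handler, user_id: str, channel_id: str):
    """Run a handler and map an access denial to None, for side-by-side comparison."""
    try:
        return handler(user_id, channel_id)
    except Forbidden:
        return None


if __name__ == "__main__":
    # "dave" is not a member of ch-private: the vulnerable handler still returns
    # the membership, the fixed handler denies the request.
    print(member_list_or_none(list_members_vulnerable, "dave", "ch-private"))
    print(member_list_or_none(list_members_fixed, "dave", "ch-private"))
```

The fix is not a new condition bolted onto the existing branch but the removal of the branch: every read of a channel resource goes through the same access predicate, so a later channel type cannot be forgotten the way standard channels were here.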

Affected Systems

The flaw affects the open-webui:open-webui product versions earlier than 0.9.0. Administrators running these older releases are exposed to the risk.

Risk and Exploitability

The CVSS score of 4.3 indicates a moderate severity. EPSS is not available and the vulnerability is not listed in CISA KEV, suggesting a lower likelihood of active exploitation at this time. The attack requires only an authenticated session and knowledge of a private channel UUID, making the vulnerability exploitable in environments where users can guess or share channel identifiers.

Generated by OpenCVE AI on May 15, 2026 at 21:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open WebUI to version 0.9.0 or later to add the missing channel access check.
  • If an immediate upgrade is not possible, configure the API to allow /api/v1/channels/{id}/members requests only for verified channel members.
  • Monitor authentication logs for attempts to access /api/v1/channels/{id}/members to detect possible enumeration attacks.
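One way to act on the monitoring recommendation above, as an added example that is not OpenCVE's or Open WebUI's code: parse access-log lines for GET requests to /api/v1/channels/{id}/members and flag any user who reads the member list of many distinct channels within a short window. The log layout (timestamp, user id, method, path, status), the sample lines, the function names and the window and threshold values are all assumptions constructed for this example; because the vulnerable version answered with 200, the signal is the spread of distinct channel ids per user rather than denied requests.

```python
"""Constructed detection example for the enumeration pattern behind CVE-2026-44559.

Not Open WebUI's code or log format. The log line layout, sample lines,
function names, window and threshold are assumptions made for this page.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

MEMBERS_PATH = re.compile(
    r"^/api/v1/channels/(?P<channel_id>[0-9a-fA-F-]{36})/members/?$"
)
# Assumed log layout: "<ISO timestamp> user=<id> <METHOD> <path> <status>"
LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)

# Constructed sample log: bob reads the members of four different channels in
# under a minute (and a fifth much later); alice re-reads one channel; carol
# never touches the members endpoint.
SAMPLE_LOG = """\
2026-05-15T20:00:01Z user=alice GET /api/v1/channels/0f9a1b2c-3d4e-4f50-8a6b-7c8d9e0f1a2b/members 200
2026-05-15T20:00:05Z user=bob GET /api/v1/channels/0f9a1b2c-3d4e-4f50-8a6b-7c8d9e0f1a2b/members 200
2026-05-15T20:00:09Z user=bob GET /api/v1/channels/1a2b3c4d-5e6f-4a7b-8c9d-0e1f2a3b4c5d/members 200
2026-05-15T20:00:14Z user=bob GET /api/v1/channels/2b3c4d5e-6f70-4b8c-9d0e-1f2a3b4c5d6e/members 200
2026-05-15T20:00:20Z user=alice GET /api/v1/channels/0f9a1b2c-3d4e-4f50-8a6b-7c8d9e0f1a2b/members 200
2026-05-15T20:00:31Z user=bob GET /api/v1/channels/3c4d5e6f-7081-4c9d-ae1f-2a3b4c5d6e7f/members 200
2026-05-15T20:00:40Z user=carol GET /api/v1/channels/0f9a1b2c-3d4e-4f50-8a6b-7c8d9e0f1a2b/messages 200
2026-05-15T20:15:00Z user=bob GET /api/v1/channels/4d5e6f70-8192-4dae-bf20-3b4c5d6e7f80/members 200
"""


def parse_member_requests(log_text: str):
    """Yield (timestamp, user, channel_id) for each GET on the members endpoint;
    lines that do not parse or hit other paths are skipped."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group("method") != "GET":
            continue
        p = MEMBERS_PATH.match(m.group("path"))
        if not p:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m.group("user"), p.group("channel_id")


def find_enumerators(log_text: str, window: timedelta = timedelta(minutes=5),
                     threshold: int = 3) -> dict[str, int]:
    """Return {user: most distinct channels whose members were read inside any
    sliding window} for users reaching the threshold. Repeated reads of the
    same channel count once, so ordinary use of a channel or two is not flagged."""
    per_user = defaultdict(list)
    for ts, user, channel_id in parse_member_requests(log_text):
        per_user[user].append((ts, channel_id))

    flagged = {}
    for user, events in per_user.items():
        events.sort()
        best = 0
        for i, (start, _) in enumerate(events):
            seen = {cid for ts, cid in events[i:] if ts - start <= window}
            best = max(best, len(seen))
        if best >= threshold:
            flagged[user] = best
    return flagged


if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))   # bob is flagged, alice and carol are not
```

Tune the window and threshold to the deployment: a user who legitimately belongs to many channels will read several member lists over a day, so the window should be short enough that the spread of distinct ids in it is unusual for that user base.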

Advisories
Source: Github GHSA
ID: GHSA-c7wp-3qh5-55pv
Title: Open WebUI Missing Access Check on Channel Members Endpoint for Standard Channels
History

Fri, 15 May 2026 21:45:00 +0000

Type: First Time appeared
Values Added: Open-webui; Open-webui open-webui

Type: Vendors & Products
Values Added: Open-webui; Open-webui open-webui

Fri, 15 May 2026 21:15:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 15 May 2026 20:15:00 +0000

Type: Description
Values Added: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the GET /api/v1/channels/{id}/members endpoint only checks membership for group and dm channel types (lines 467-469). For standard channels — including private ones — there is no channel_has_access check before returning the member list. Any authenticated user who knows a private channel's UUID can enumerate all users with access to that channel. This vulnerability is fixed in 0.9.0.

Type: Title
Values Added: Open WebUI: Missing Access Check on Channel Members Endpoint for Standard Channels

Type: Weaknesses
Values Added: CWE-862

Type: References
Values Added:

Type: Metrics (cvssV3_1)
Values Added: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T20:28:38.679Z

Reserved: 2026-05-06T20:59:00.595Z

Link: CVE-2026-44559

Vulnrichment

Updated: 2026-05-15T20:27:20.359Z

NVD

Status : Received

Published: 2026-05-15T20:16:47.483

Modified: 2026-05-15T21:16:36.017

Link: CVE-2026-44559

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T22:00:12Z

Weaknesses