CVE-2026-44561 - Vulnerability Details

- Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the is_user_channel_member function checks whether a ChannelMember row exists but does not check the is_active field. When a user is deactivated from a group or DM channel (removed by the channel owner, or leaves voluntarily), their membership row persists with is_active=False and status='left'. Because the authorization check ignores this field, the deactivated user retains full read and write access to the channel via direct API calls. This vulnerability is fixed in 0.9.0.

Published: 2026-05-15

Score: 5.4 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw arises when the function that checks channel membership verifies only the existence of a row but ignores the membership’s is_active flag. A user who has been removed or has left a channel retains a membership record with is_active=False and status='left', yet the API continues to grant full read/write privileges. This allows the deactivated user to read sensitive channel data and post messages, effectively bypassing the intended access controls. The weakness is an access‑control lapse (CWE‑863).

Affected Systems

The issue affects all Open WebUI installations prior to version 0.9.0. Any deployment using open-webui:open-webui older than 0.9.0 is vulnerable; the fix is included in the 0.9.0 release and newer versions.

Risk and Exploitability

The CVSS score of 5.4 indicates a moderate severity. EPSS is not available, and the vulnerability is not listed in CISA's KEV catalog, so the current public exploitation probability is unknown. Attackers can exploit the flaw by invoking channel‑specific API endpoints that rely on the is_user_channel_member check. Based on the description, the likely attack vector is authenticated or internal, requiring the deactivated user to still possess valid API credentials. An exploit would allow the deactivated member to read confidential channel content and inject messages, leading to potential data leakage or disruption of communication.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

open-webui

affected

Version	Status	Constraints
`< 0.9.0`	affected	—

No data.

Vendor Product Confidence Versions

Open-webui

100%

Version	Status	Scheme	Platform
`[0,0.9.0)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Open WebUI to version 0.9.0 or later to apply the official fix.
Disable or restrict API access for users whose membership is marked inactive, ensuring that authentication tokens for deactivated users are revoked.
Audit channel activity logs to detect any unauthorized reads or writes from deactivated accounts and remediate any compromised data.

Generated by OpenCVE AI on May 15, 2026 at 21:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-hmgr-67hw-j2cq	Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00025.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/open-webui/open-webui/security/advisories/GHSA-hmgr-67hw-j2cq

History

Fri, 15 May 2026 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Open-webui Open-webui open-webui
Vendors & Products		Open-webui Open-webui open-webui

Fri, 15 May 2026 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 15 May 2026 20:15:00 +0000

Type	Values Removed	Values Added
Description		Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the is_user_channel_member function checks whether a ChannelMember row exists but does not check the is_active field. When a user is deactivated from a group or DM channel (removed by the channel owner, or leaves voluntarily), their membership row persists with is_active=False and status='left'. Because the authorization check ignores this field, the deactivated user retains full read and write access to the channel via direct API calls. This vulnerability is fixed in 0.9.0.
Title		Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels
Weaknesses		CWE-863
References		https://github.com/open-webui/open-webui/security/advisories/GHSA-hmgr-67hw-j2cq
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}`

Subscriptions

Open-webui Open-webui

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-05-15T19:34:52.060Z

Updated: 2026-05-15T20:22:00.557Z

Reserved: 2026-05-06T20:59:00.595Z

Link: CVE-2026-44561

Vulnrichment

Updated: 2026-05-15T20:21:57.244Z

NVD

Status : Received

Published: 2026-05-15T20:16:47.743

Modified: 2026-05-15T21:16:36.170

Link: CVE-2026-44561

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T22:00:12Z

Weaknesses

CWE-863

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object