Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a member of the document's Socket.IO room (line 678) but does not verify that the sender has write permission. Users with read-only access join the document room via ydoc:document:join, which only requires read permission (line 520). Once in the room, the user can emit ydoc:document:update events that modify the in-memory Yjs document state and are broadcast to all other collaborators in real time. This vulnerability is fixed in 0.9.0.
Published: 2026-05-15
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw lies in the Socket.IO event handler for ydoc:document:update; it verifies membership in a document’s room but does not confirm that the sender has write rights. As a result, users with read‑only permissions who join the room can emit update events that alter the Yjs document state, leading to unintended changes in collaborative documents. This represents an authorization bypass that compromises data integrity.

Affected Systems

Open WebUI version 0.9.0 and earlier are affected. The affected product is tracked under the vendor/product identifier open-webui:open-webui. No narrower version range is specified beyond the pre-0.9.0 release.

Risk and Exploitability

The CVSS score of 5.4 places the vulnerability in the moderate severity range. EPSS is not available, and the flaw is not yet listed in CISA's KEV catalog. An attacker who can act as a read‑only user and join the Socket.IO room can issue update events, thereby modifying collaborative documents in real time. The attack vector is likely network‑based, requiring connectivity to the WebSocket endpoint. No additional elevating capabilities are needed; having read‑only access to the document room is sufficient to exploit the bug.

Generated by OpenCVE AI on May 15, 2026 at 20:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open WebUI to version 0.9.0 or newer, which implements proper write‑permission checks.
  • Revoke read‑only users’ ability to join collaborative document rooms until the patch is applied.
  • Audit and enforce write‑permission validation on the ydoc:document:update event handler to prevent unauthorized document modifications.
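The following is an added illustration of the authorization gap named in the description and in the last recommended action above; it is not Open WebUI's code. It models the two event handlers named in the advisory (ydoc:document:join, which admits anyone with read permission, and ydoc:document:update) with a constructed in-memory stand-in for Socket.IO room bookkeeping and for the Yjs document state. The Acl class, the permission names, the handler function names and the sample users are assumptions. The pre-0.9.0 handler checks room membership only; the hardened handler additionally checks write permission, which is the check CWE-863 (incorrect authorization) says was missing.

```python
"""Membership-only vs membership-plus-write-permission update handlers.

Constructed model of the advisory's scenario, not Open WebUI's code.
All names below are hypothetical stand-ins.
"""
from dataclasses import dataclass, field

READ, WRITE = "read", "write"


@dataclass
class Acl:
    """user -> set of permissions on one document (constructed sample data)."""
    grants: dict[str, set[str]] = field(default_factory=dict)

    def has(self, user: str, perm: str) -> bool:
        return perm in self.grants.get(user, set())


@dataclass
class DocumentRoom:
    """Stand-in for a Socket.IO room plus the in-memory Yjs document it guards."""
    doc_id: str
    acl: Acl
    members: set[str] = field(default_factory=set)
    state: list[str] = field(default_factory=list)            # applied updates
    broadcasts: list[tuple[str, str]] = field(default_factory=list)  # (recipient, update)


def handle_join(room: DocumentRoom, user: str) -> bool:
    """ydoc:document:join stand-in: read permission is all that is needed to enter."""
    if not room.acl.has(user, READ):
        return False
    room.members.add(user)
    return True


def apply_update(room: DocumentRoom, sender: str, update: str) -> None:
    """Mutate the shared state and fan the update out to every other member."""
    room.state.append(update)
    for member in room.members:
        if member != sender:
            room.broadcasts.append((member, update))


def handle_update_vulnerable(room: DocumentRoom, user: str, update: str) -> bool:
    """Pre-0.9.0 behaviour as the advisory describes it: membership is the only check."""
    if user not in room.members:
        return False
    apply_update(room, user, update)
    return True


def handle_update_fixed(room: DocumentRoom, user: str, update: str) -> bool:
    """Hardened handler: room membership AND write permission on the document."""
    if user not in room.members:
        return False
    if not room.acl.has(user, WRITE):      # the check that was missing
        return False
    apply_update(room, user, update)
    return True


def scenario(update_handler) -> dict:
    """Run owner / read-only viewer / outsider through join + update with one handler."""
    acl = Acl({"owner": {READ, WRITE}, "viewer": {READ}, "outsider": set()})
    room = DocumentRoom("doc-1", acl)
    joined = {u: handle_join(room, u) for u in ("owner", "viewer", "outsider")}
    viewer_ok = update_handler(room, "viewer", "viewer-edit")
    outsider_ok = update_handler(room, "outsider", "outsider-edit")
    return {
        "viewer_joined": joined["viewer"],
        "outsider_joined": joined["outsider"],
        "viewer_modified_doc": viewer_ok,
        "outsider_modified_doc": outsider_ok,
        "state": list(room.state),
        "owner_received": [u for (m, u) in room.broadcasts if m == "owner"],
    }


if __name__ == "__main__":
    print("vulnerable:", scenario(handle_update_vulnerable))
    print("fixed:     ", scenario(handle_update_fixed))
```

The point of the two handlers side by side is that a room-membership test is a presence check, not an authorization decision: the join handler deliberately admits read-only users, so membership cannot stand in for write permission in any handler that mutates or broadcasts state. When auditing a real deployment, every event that changes document state should resolve the sender's permission against the document's ACL at the time of the event, not rely on what was checked at join time.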

Advisories
Source      | ID                  | Title
GitHub GHSA | GHSA-vrfh-rj4q-rmhr | Read-Only Open WebUI Users Can Modify Collaborative Documents via Socket.IO
History

Tue, 19 May 2026 03:15:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Openwebui; Openwebui open Webui
CPEs                |                | cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*
Vendors & Products  |                | Openwebui; Openwebui open Webui

Fri, 15 May 2026 22:15:00 +0000

Type    | Values Removed | Values Added
Metrics |                | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 15 May 2026 20:45:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Open-webui; Open-webui open-webui
Vendors & Products  |                | Open-webui; Open-webui open-webui

Fri, 15 May 2026 19:30:00 +0000

Type        | Values Removed | Values Added
Description |                | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a member of the document's Socket.IO room (line 678) but does not verify that the sender has write permission. Users with read-only access join the document room via ydoc:document:join, which only requires read permission (line 520). Once in the room, the user can emit ydoc:document:update events that modify the in-memory Yjs document state and are broadcast to all other collaborators in real time. This vulnerability is fixed in 0.9.0.
Title       |                | Open WebUI: Read-Only Users Can Modify Collaborative Documents via Socket.IO
Weaknesses  |                | CWE-863
References  |                |
Metrics     |                | cvssV3_1: {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T21:10:37.258Z

Reserved: 2026-05-06T20:59:00.595Z

Link: CVE-2026-44564

Vulnrichment

Updated: 2026-05-15T21:10:34.013Z

NVD

Status: Analyzed

Published: 2026-05-15T20:16:48.130

Modified: 2026-05-19T03:11:43.490

Link: CVE-2026-44564

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T20:45:08Z

Weaknesses