CVE-2026-44569 - Vulnerability Details

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, there's an IDOR in the channels message management system that allows authenticated users to modify or delete any message within channels they have read access to. The vulnerability exists in the message update and delete endpoints, which implement channel-level authorization but completely lack message ownership validation. While the frontend correctly implements ownership checks (showing edit/delete buttons only for message owners or admins), the backend APIs bypass these protections by only validating channel access permissions without verifying that the requesting user owns the target message. This creates a client-side security control bypass where attackers can directly call the APIs to modify other users' messages. This vulnerability is fixed in 0.6.19.

Published: 2026-05-15

Score: 7.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Open WebUI contains an IDOR in the channels message update and delete endpoints. The backend performs only channel‑level authorization, missing message‑owner validation. As a result, an authenticated user who can read a channel can modify or delete any message in that channel, regardless of who sent it. This breaks integrity and potentially confidentiality of user content.

Affected Systems

Any installation of open-webui:open-webui before release 0.6.19 is affected. The fix was applied in 0.6.19 and later versions.

Risk and Exploitability

The CVSS score of 7.1 indicates moderate to high severity. EPSS is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting it has not yet been widely exploited in the wild. An attacker must first authenticate to the system and obtain read access to a channel; thereafter the exploit can be performed via direct API calls. The impact is limited to unauthorized modification or deletion of messages, but the consistency and trustworthiness of logged content could be undermined in multi‑user environments.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

open-webui

affected

Version	Status	Constraints
`< 0.6.19`	affected	—

No data.

Vendor Product Confidence Versions

Open-webui

100%

Version	Status	Scheme	Platform
`[0,0.6.19)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the vendor patch by upgrading to Open WebUI version 0.6.19 or later, which implements message‑ownership checks in the update and delete APIs.
Reconfigure API rate limiting and monitor for unauthorized update/delete attempts to detect potential exploitation attempts.
Review channel permissions to ensure that only trusted or necessary users have read access, reducing the attack surface.

Generated by OpenCVE AI on May 15, 2026 at 22:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-jxwr-g6r6-j3fx	Open WebUI's Insecure Message Access Breaks Authorization

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00029.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/open-webui/open-webui/security/advisories/GHSA-jxwr-g6r6-j3fx

History

Fri, 15 May 2026 22:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Open-webui Open-webui open-webui
Vendors & Products		Open-webui Open-webui open-webui

Fri, 15 May 2026 21:30:00 +0000

Type	Values Removed	Values Added
Description		Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, there's an IDOR in the channels message management system that allows authenticated users to modify or delete any message within channels they have read access to. The vulnerability exists in the message update and delete endpoints, which implement channel-level authorization but completely lack message ownership validation. While the frontend correctly implements ownership checks (showing edit/delete buttons only for message owners or admins), the backend APIs bypass these protections by only validating channel access permissions without verifying that the requesting user owns the target message. This creates a client-side security control bypass where attackers can directly call the APIs to modify other users' messages. This vulnerability is fixed in 0.6.19.
Title		Open WebUI: Insecure Message Access Breaks Authorization
Weaknesses		CWE-862
References		https://github.com/open-webui/open-webui/security/advisories/GHSA-jxwr-g6r6-j3fx
Metrics		cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L'}`

Subscriptions

Open-webui Open-webui

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-05-15T21:03:28.254Z

Updated: 2026-05-15T21:03:28.254Z

Reserved: 2026-05-06T20:59:00.596Z

Link: CVE-2026-44569

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-15T22:16:53.187

Modified: 2026-05-15T22:16:53.187

Link: CVE-2026-44569

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T23:00:14Z

Weaknesses

CWE-862

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object