Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, in standard channels (i.e., channels whose channel.type is neither group nor dm), the endpoint POST /api/v1/channels/{channel_id}/messages/{message_id}/update can be accessed with read permission only. When access_control is set to None, the authorization check has_access(..., type="read") evaluates to True, allowing users who are not the message owner to update messages. As a result, unauthorized modification of other users’ messages is possible. This vulnerability is fixed in 0.8.6.
Published: 2026-05-15
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Open WebUI’s POST /api/v1/channels/{channel_id}/messages/{message_id}/update endpoint allowed users with only read access to a standard channel (one whose channel.type is neither group nor dm) to modify messages they did not own. The weakness is catalogued as CWE‑862 (Missing Authorization): the handler checked has_access(..., type="read") on the channel but never checked message ownership, and because has_access returns True for read when the channel’s access_control is None, any authenticated user who can see the channel could rewrite another user’s message. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) reflects exactly that: network‑reachable, low privileges, no user interaction, high integrity impact, no confidentiality or availability impact.
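The check the advisory describes, reduced to a runnable model. This is an added example, not Open WebUI’s own code: the class and function names, the allow‑list layout assumed when access_control is not None, and the owner‑only rule in the fixed handler are assumptions made for the illustration. What it shows is that a read‑only gate on the channel says nothing about who may edit a particular message.

```python
# Added illustration (not Open WebUI's own code) of the authorization gap the
# advisory describes: in a standard channel with access_control = None, a
# read-only check lets any member edit anyone's message. Class and function
# names, the allow-list layout used when access_control is not None, and the
# owner-only rule in the fixed handler are assumptions made for this example.
from dataclasses import dataclass
from typing import Callable, Optional


class Forbidden(Exception):
    """Raised where a real API would answer 401/403."""


@dataclass
class User:
    id: str


@dataclass
class Channel:
    id: str
    type: str = ""                        # "" = standard; "group"/"dm" not modelled here
    access_control: Optional[dict] = None  # None = open channel; otherwise assumed allow-list


@dataclass
class Message:
    id: str
    channel_id: str
    user_id: str                          # message owner
    content: str


def has_access(user_id: str, access_control: Optional[dict], type: str = "read") -> bool:
    """Behaviour described by the advisory: with access_control None, a read
    check is True for every user. For a non-None value this example assumes an
    allow-list shaped {"read": {"user_ids": [...]}, "write": {"user_ids": [...]}}."""
    if access_control is None:
        return type == "read"  # write on an open channel is assumed to be denied
    return user_id in access_control.get(type, {}).get("user_ids", [])


def update_message_vulnerable(actor: User, channel: Channel, message: Message, new_content: str) -> Message:
    """Pre-0.8.6 pattern from the advisory: only channel read access is checked."""
    if channel.type in ("group", "dm"):
        raise ValueError("group/dm channels are outside this example")
    if not has_access(actor.id, channel.access_control, type="read"):
        raise Forbidden("no read access to channel")
    message.content = new_content  # ownership is never consulted
    return message


def update_message_fixed(actor: User, channel: Channel, message: Message, new_content: str) -> Message:
    """Hardened handler: channel read access AND message ownership are required.
    Whether admins may also edit is a policy choice the advisory does not cover."""
    if channel.type in ("group", "dm"):
        raise ValueError("group/dm channels are outside this example")
    if not has_access(actor.id, channel.access_control, type="read"):
        raise Forbidden("no read access to channel")
    if message.user_id != actor.id:
        raise Forbidden("only the message owner may update it")
    message.content = new_content
    return message


def attempt(handler: Callable[..., Message], actor: User, channel: Channel,
            message: Message, new_content: str) -> str:
    """Run a handler on a copy of the message and report "allowed" or "denied"."""
    copy = Message(message.id, message.channel_id, message.user_id, message.content)
    try:
        handler(actor, channel, copy, new_content)
        return "allowed"
    except Forbidden:
        return "denied"


if __name__ == "__main__":
    alice, mallory = User("alice"), User("mallory")
    open_channel = Channel("general")  # access_control=None, i.e. readable by everyone
    msg = Message("m1", "general", "alice", "original text")
    print("vulnerable, non-owner:", attempt(update_message_vulnerable, mallory, open_channel, msg, "tampered"))
    print("fixed, non-owner:     ", attempt(update_message_fixed, mallory, open_channel, msg, "tampered"))
    print("fixed, owner:         ", attempt(update_message_fixed, alice, open_channel, msg, "edited"))
```

The point of the second handler is that the ownership test is a separate predicate from channel visibility; restricting a channel’s access_control narrows who can read it but, in the vulnerable handler, still lets every reader edit every message.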

Affected Systems

The vulnerability affects versions of Open WebUI prior to 0.8.6. Administrators running the open-webui platform should verify that the deployed instance is 0.8.6 or later; earlier releases are susceptible to unauthorized message updates via the POST /api/v1/channels/{channel_id}/messages/{message_id}/update endpoint.

Risk and Exploitability

The CVSS 3.1 score of 6.5 (Medium) reflects an attack that is network‑reachable and needs only a low‑privileged account (AV:N, PR:L) with read access to the target channel, which every ordinary user of an open standard channel already has. EPSS is below 1% (very low), the entry is not in the CISA KEV catalog, and the SSVC assessment records Exploitation: poc and Automatable: no, so a proof of concept exists but no widespread exploitation is known. Because every reader of an open standard channel meets the precondition, the integrity risk persists on any instance older than 0.8.6 until it is upgraded.

Generated by OpenCVE AI on May 15, 2026 at 23:23 UTC.

Remediation

The vendor fix is Open WebUI 0.8.6 (see the description and GHSA-jgj3-r8hr-9pjw under Advisories); no separate workaround is documented.

OpenCVE Recommended Actions

  • Upgrade Open WebUI to version 0.8.6 or later, the release that adds the missing ownership check to the update endpoint.
  • Do not rely on access_control as a mitigation: it is the channel’s own access value, not a global setting, and None simply makes a standard channel readable by everyone. A tighter access_control narrows who can read the channel, but a reader can still edit others’ messages on a pre‑0.8.6 instance because the handler never checks ownership. Treat it as risk reduction only.
  • Review message histories and request logs for POST /api/v1/channels/{channel_id}/messages/{message_id}/update calls where the requesting user is not the message owner, and keep monitoring for such requests after the upgrade to confirm they are now rejected.
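A detection routine for the monitoring step above, added here as an example (it is neither OpenCVE’s nor Open WebUI’s code). It scans request logs for POSTs to the update endpoint by a user other than the message owner and separates the ones the server accepted from the ones it rejected. The JSON‑lines log format, its field names, the sample lines and the message‑owner table are all constructed for the example; map them onto what your reverse proxy or API gateway actually records, and source the owner table from the application database.

```python
# Added detection example (not OpenCVE's or Open WebUI's code). It scans
# request logs for POSTs to the vulnerable update endpoint by a user who is not
# the message owner. The JSON-lines log format, the field names, the sample
# lines and the message-owner lookup table are all constructed for this example.
import json
import re
from typing import Dict, Iterable, List

# Endpoint named in the advisory; channel and message ids are captured.
UPDATE_PATH = re.compile(
    r"^/api/v1/channels/(?P<channel_id>[^/]+)/messages/(?P<message_id>[^/]+)/update$"
)

# Constructed sample log lines; an authenticated user id is assumed to be logged.
SAMPLE_LOG = """\
{"ts":"2026-05-16T08:00:01Z","user":"alice","method":"POST","path":"/api/v1/channels/c1/messages/m1/update","status":200}
{"ts":"2026-05-16T08:00:05Z","user":"mallory","method":"POST","path":"/api/v1/channels/c1/messages/m1/update","status":200}
{"ts":"2026-05-16T08:00:09Z","user":"mallory","method":"GET","path":"/api/v1/channels/c1/messages","status":200}
{"ts":"2026-05-16T08:00:12Z","user":"bob","method":"POST","path":"/api/v1/channels/c2/messages/m7/update","status":403}
{"ts":"2026-05-16T08:00:15Z","user":"carol","method":"POST","path":"/api/v1/channels/c2/messages/m7/update","status":200}
"""

# Constructed owner table; in practice this comes from the application database.
MESSAGE_OWNERS: Dict[str, str] = {"m1": "alice", "m7": "carol"}


def find_nonowner_updates(log_lines: Iterable[str], owners: Dict[str, str]) -> Dict[str, List[dict]]:
    """Return non-owner update attempts split into those the server accepted
    (2xx, i.e. the flaw was exercised) and those it rejected."""
    findings: Dict[str, List[dict]] = {"succeeded": [], "blocked": []}
    for raw in log_lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # malformed line; a real pipeline would count these
        if entry.get("method") != "POST":
            continue
        m = UPDATE_PATH.match(entry.get("path", ""))
        if not m:
            continue
        message_id = m.group("message_id")
        owner = owners.get(message_id)
        actor = entry.get("user")
        if owner is None or actor == owner:
            continue  # unknown message, or the owner editing their own message
        status = int(entry.get("status", 0))
        record = {
            "ts": entry.get("ts"),
            "actor": actor,
            "owner": owner,
            "channel_id": m.group("channel_id"),
            "message_id": message_id,
            "status": status,
        }
        findings["succeeded" if 200 <= status < 300 else "blocked"].append(record)
    return findings


if __name__ == "__main__":
    result = find_nonowner_updates(SAMPLE_LOG.splitlines(), MESSAGE_OWNERS)
    for hit in result["succeeded"]:
        print("ALERT non-owner edit accepted:", hit)
    for hit in result["blocked"]:
        print("info  non-owner edit rejected:", hit)
```

On a pre‑0.8.6 instance the "succeeded" bucket is the integrity incident to investigate; after upgrading, the same scan should only ever populate "blocked", which makes it a useful check that the fix is in effect.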



Advisories
Source: GitHub GHSA
ID: GHSA-jgj3-r8hr-9pjw
Title: Open WebUI's Improper Authorization in Standard Channels Allows Message Updates with Read Permission
History

Fri, 15 May 2026 23:15:00 +0000

Type: Metrics
Values removed: none
Values added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 15 May 2026 22:45:00 +0000

Type: First Time appeared
Values removed: none
Values added: Open-webui; Open-webui open-webui
Type: Vendors & Products
Values removed: none
Values added: Open-webui; Open-webui open-webui

Fri, 15 May 2026 21:30:00 +0000

Type: Description
Values removed: none
Values added: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, in standard channels (i.e., channels whose channel.type is neither group nor dm), the endpoint POST /api/v1/channels/{channel_id}/messages/{message_id}/update can be accessed with read permission only. When access_control is set to None, the authorization check has_access(..., type="read") evaluates to True, allowing users who are not the message owner to update messages. As a result, unauthorized modification of other users’ messages is possible. This vulnerability is fixed in 0.8.6.
Type: Title
Values removed: none
Values added: Open WebUI: Improper Authorization in Standard Channels Allows Message Updates with Read Permission
Type: Weaknesses
Values removed: none
Values added: CWE-862
Type: References
Values removed: none
Values added: (none listed on this page)
Type: Metrics
Values removed: none
Values added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}


MITRE

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-05-15T22:21:29.196Z
Reserved: 2026-05-06T20:59:00.596Z
Link: CVE-2026-44571

Vulnrichment

Updated: 2026-05-15T22:18:56.590Z

NVD

Status: Received
Published: 2026-05-15T22:16:53.473
Modified: 2026-05-15T23:16:20.823
Link: CVE-2026-44571

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T23:30:10Z

Weaknesses