Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /api/v1/notes/{id}/pin endpoint performs a write operation (toggling the is_pinned field) but only checks for read permission. Users with read-only access to a shared note can pin/unpin it, which is a state-modifying action that should require write permission. This vulnerability is fixed in 0.9.3.
Published: 2026-05-15
Score: 3.5 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Open WebUI's /api/v1/notes/{id}/pin endpoint toggles the is_pinned field of a note. Prior to version 0.9.3 this endpoint performs a write operation but only verifies that the caller has read permission. Consequently users who have been granted read-only access to shared notes can modify the pinned state of a note, an operation that should require write permission. This represents a privilege-escalation weakness and is identified as CWE-863.

Affected Systems

The affected application is Open WebUI, a self-hosted AI platform. All releases prior to 0.9.3 are vulnerable. The issue is tied to the POST /api/v1/notes/{id}/pin API endpoint.

Risk and Exploitability

The CVSS score of 3.5 reflects the low impact of the state change. The EPSS score is not available, so there is no data showing current exploitation likelihood, and the vulnerability is not listed in CISA's KEV catalog. The likely attack vector is an authenticated user issuing an API request to pin or unpin a note; no privileges or network access beyond read-only rights are required. Exploitation yields only a modification of a note's pinned status, but any downstream logic that treats pinned notes differently could cause subtle data-flow or availability effects. Overall the risk is considered low, but the privilege-escalation nature of the flaw warrants prompt correction.

Generated by OpenCVE AI on May 15, 2026 at 23:53 UTC.
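The analysis above describes a state-changing handler gated by a read check instead of a write check (CWE-863). The following added example, constructed for this page and not Open WebUI's own code, models that mismatch in a minimal Python note store: `User`, `Note`, the `access_control` layout and the two `toggle_pin_*` functions are assumptions for the demo. The vulnerable variant lets a read-only grantee flip `is_pinned`; the corrected variant routes every mutation through a write check.

```python
"""Constructed illustration of the CWE-863 pattern in CVE-2026-45316: a
write operation (toggling is_pinned) guarded only by a read-permission check.
Not Open WebUI's implementation; names and the ACL layout are assumptions."""
from dataclasses import dataclass, field


@dataclass
class User:
    id: str
    is_admin: bool = False


@dataclass
class Note:
    id: str
    owner_id: str
    is_pinned: bool = False
    # access_control maps a permission level to the set of user ids holding it.
    # "read" grantees may view the note; "write" grantees may modify it.
    access_control: dict = field(
        default_factory=lambda: {"read": set(), "write": set()}
    )


def has_access(user: User, note: Note, level: str) -> bool:
    """Owner and admins hold every permission; otherwise consult the ACL.
    Write access implies read access, but read access never implies write."""
    if user.is_admin or user.id == note.owner_id:
        return True
    acl = note.access_control
    if level == "read":
        return user.id in acl["read"] or user.id in acl["write"]
    if level == "write":
        return user.id in acl["write"]
    raise ValueError(f"unknown permission level {level!r}")


def toggle_pin_vulnerable(user: User, note: Note) -> bool:
    """Vulnerable pattern: a mutating handler gated on the read check only."""
    if not has_access(user, note, "read"):
        raise PermissionError("note not found or no access")
    note.is_pinned = not note.is_pinned
    return note.is_pinned


def toggle_pin_fixed(user: User, note: Note) -> bool:
    """Corrected pattern: anything that mutates the note requires write access."""
    if not has_access(user, note, "write"):
        raise PermissionError("write access required to change pin state")
    note.is_pinned = not note.is_pinned
    return note.is_pinned


def demo() -> tuple:
    """Exercise both handlers as a read-only grantee.

    Returns (vulnerable_toggle_result, fixed_handler_blocked, final_is_pinned).
    """
    owner = User("alice")
    reader = User("bob")
    note = Note("n1", owner_id=owner.id)
    note.access_control["read"].add(reader.id)  # bob is read-only on n1

    vulnerable_result = toggle_pin_vulnerable(reader, note)  # goes through
    fixed_blocked = False
    try:
        toggle_pin_fixed(reader, note)
    except PermissionError:
        fixed_blocked = True
    return vulnerable_result, fixed_blocked, note.is_pinned


if __name__ == "__main__":
    print(demo())
```

The design point is that permission checks should be keyed to what the handler does, not to which resource it touches: a helper such as `has_access(user, note, "write")` called from every mutating route makes a pin, rename or delete endpoint impossible to misgate by accident.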

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Open WebUI to version 0.9.3 or later, which fixes the permission check.
  • Re-evaluate role definitions to ensure users with read-only rights cannot perform state-changing operations; consider revoking pin-toggle capability if the platform exposes it in custom configurations.
  • Monitor API usage logs for unexpected pin-toggle activity from read-only accounts as a temporary defensive measure.

Generated by OpenCVE AI on May 15, 2026 at 23:53 UTC.
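The monitoring step in the recommended actions above (watching for pin-toggle requests from read-only accounts) can be scripted over access logs. This added example is constructed for this page, not Open WebUI's own tooling: the log line format, the `READ_ONLY_GRANTS` table and the function name are assumptions, and the sample log lines are made up. It flags every `POST /api/v1/notes/{id}/pin` from an account that only holds read access to that note and records whether the request succeeded (unpatched instance) or was rejected (patched instance).

```python
"""Constructed detection example: find pin-toggle requests issued by accounts
that hold only read access to the note. Log schema and grant table are
assumptions for this demo, not Open WebUI's real log format."""
import re
from typing import Iterable

# Assumed log line shape: "<ts> user=<id> method=<M> path=<p> status=<code>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) method=(?P<method>[A-Z]+) "
    r"path=(?P<path>\S+) status=(?P<status>\d{3})$"
)
PIN_PATH_RE = re.compile(r"^/api/v1/notes/(?P<note_id>[^/]+)/pin$")

# Constructed sample log lines (not real Open WebUI output).
SAMPLE_LOG = """\
2026-05-15T23:10:01Z user=bob method=GET path=/api/v1/notes/n1 status=200
2026-05-15T23:10:05Z user=bob method=POST path=/api/v1/notes/n1/pin status=200
2026-05-15T23:11:00Z user=alice method=POST path=/api/v1/notes/n1/pin status=200
2026-05-15T23:12:30Z user=bob method=POST path=/api/v1/notes/n2/pin status=403
this line is malformed and must be skipped
"""

# Constructed grant table: note_id -> set of user ids holding read-only access.
READ_ONLY_GRANTS = {"n1": {"bob"}, "n2": {"bob", "dave"}}


def find_read_only_pin_toggles(lines: Iterable[str], read_only_grants: dict) -> list:
    """Return one alert dict per pin-toggle POST from a read-only grantee."""
    alerts = []
    for raw in lines:
        m = LOG_RE.match(raw.strip())
        if not m:
            continue  # skip unparseable lines instead of aborting the scan
        if m["method"] != "POST":
            continue
        p = PIN_PATH_RE.match(m["path"])
        if not p:
            continue
        note_id = p["note_id"]
        if m["user"] not in read_only_grants.get(note_id, set()):
            continue  # owner, writer or unrelated account: not this signal
        status = int(m["status"])
        alerts.append(
            {
                "ts": m["ts"],
                "user": m["user"],
                "note_id": note_id,
                "status": status,
                # 2xx: the toggle went through (vulnerable build);
                # 403: the corrected write check rejected it.
                "succeeded": 200 <= status < 300,
            }
        )
    return alerts


if __name__ == "__main__":
    for alert in find_read_only_pin_toggles(SAMPLE_LOG.splitlines(), READ_ONLY_GRANTS):
        print(alert)
```

Rejected attempts are kept in the output on purpose: after upgrading to 0.9.3 a burst of 403s from the same read-only account is still worth a look, while a 2xx hit is the signal that an unpatched instance is being used as described in the advisory.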

Advisories
Source | ID | Title
Github GHSA | GHSA-jx2x-j75f-xq3j | Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)
History

Sat, 16 May 2026 00:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Open-webui; Open-webui open-webui
Vendors & Products | | Open-webui; Open-webui open-webui

Fri, 15 May 2026 22:00:00 +0000

Type | Values Removed | Values Added
Description | | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /api/v1/notes/{id}/pin endpoint performs a write operation (toggling the is_pinned field) but only checks for read permission. Users with read-only access to a shared note can pin/unpin it, which is a state-modifying action that should require write permission. This vulnerability is fixed in 0.9.3.
Title | | Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)
Weaknesses | | CWE-863
References | |
Metrics | | cvssV3_1 {'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T21:30:36.597Z

Reserved: 2026-05-11T20:50:30.538Z

Link: CVE-2026-45316

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-15T22:16:54.387

Modified: 2026-05-15T22:16:54.387

Link: CVE-2026-45316

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-16T00:30:11Z

Weaknesses