Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.7, a user can modify another user's model even if its visibility is set to Private. By changing the access permissions during editing, unauthorized access can be gained. This vulnerability is fixed in 0.5.7.
Published: 2026-05-15
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Open WebUI allows a user to modify another user's model even when the model is marked private, because the update function performs no authorization check on the caller. An attacker who can authenticate to the platform can change the model's configuration or replace the model file, potentially injecting malicious content that is then used for inference. The flaw is an instance of improper authorization (CWE-285) and amounts to an unauthorized privilege escalation within the application.

Affected Systems

The vulnerability exists in all self‑hosted Open WebUI deployments before version 0.5.7. Any user who interacts with the Open WebUI web interface or API before that patch level is at risk.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity, and the vulnerability is not listed in the CISA KEV catalog. No EPSS value is available, so the likelihood of exploitation cannot be quantified, but the attack path is straightforward: an authenticated user can simply issue a model‑update request. Once exploited, the attacker can alter model parameters or replace the model file, giving them control over the model’s behavior. Because no additional prerequisites beyond valid credentials are required, the risk profile is moderate to high depending on the trust level of users on the server.
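To make the bug class concrete, the following is an added illustration, not Open WebUI's own code: a minimal model store with an update handler that never checks ownership (the flaw described above), beside a hardened handler that allows only the owner or an admin to edit and restricts which fields an update may touch. The store layout, field names, roles and sample data are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class User:
    id: str
    role: str = "user"          # constructed roles: "user" or "admin"


@dataclass
class Model:
    id: str
    user_id: str                # owner of the model
    name: str
    # Assumption for this illustration: an empty dict marks a "Private"
    # model, None marks a public one.
    access_control: Optional[dict] = field(default_factory=dict)


class PermissionDenied(Exception):
    pass


# Fields an update may change; the owner field is deliberately not editable,
# so a request body cannot reassign the model to another user.
EDITABLE_FIELDS = {"name", "access_control"}


def can_update(model: Model, caller: User) -> bool:
    """Authorization rule: only the owner or an admin may edit a model."""
    return caller.role == "admin" or model.user_id == caller.id


def update_model_vulnerable(models: Dict[str, Model], model_id: str, form: dict, caller: User) -> Model:
    """The bug class in the advisory: `caller` is never compared with the
    owner, so any authenticated user can edit any model, including flipping
    its access_control from private to public."""
    model = models[model_id]
    for key, value in form.items():
        if key in EDITABLE_FIELDS:
            setattr(model, key, value)
    return model


def update_model_fixed(models: Dict[str, Model], model_id: str, form: dict, caller: User) -> Model:
    """Hardened form: refuse the update unless the caller passes can_update."""
    model = models[model_id]
    if not can_update(model, caller):
        raise PermissionDenied(f"{caller.id} may not update model {model_id}")
    for key, value in form.items():
        if key in EDITABLE_FIELDS:
            setattr(model, key, value)
    return model


def build_store() -> Dict[str, Model]:
    """Constructed sample data: alice owns one private model."""
    return {"m1": Model(id="m1", user_id="alice", name="alice-private")}
```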

Generated by OpenCVE AI on May 15, 2026 at 22:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official Open WebUI patch to upgrade to version 0.5.7 or later
  • If an immediate upgrade is not possible, enforce role‑based access to restrict which users can update models, ensuring only trusted administrators have that capability
  • As a temporary workaround, disable the model‑update functionality for private models until the patch can be applied

Generated by OpenCVE AI on May 15, 2026 at 22:22 UTC.

Tracking


Advisories
Source        ID                    Title
Github GHSA   GHSA-gm54-m39w-grjp   Open WebUI missing authorization check at the model update function - models from other users can be updated
History

Fri, 15 May 2026 22:45:00 +0000

Type                  Values Removed   Values Added
First Time appeared   (none)           Open-webui; Open-webui open-webui
Vendors & Products    (none)           Open-webui; Open-webui open-webui

Fri, 15 May 2026 21:30:00 +0000

Type          Values Removed   Values Added
Description   (none)           Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.7, a user can modify another user's model even if its visibility is set to Private. By changing the access permissions during editing, unauthorized access can be gained. This vulnerability is fixed in 0.5.7.
Title         (none)           Open WebUI: Missing authorization check at the model update function - models from other users can be updated
Weaknesses    (none)           CWE-285
References
Metrics       (none)           cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T21:17:27.335Z

Reserved: 2026-05-11T21:40:08.177Z

Link: CVE-2026-45345

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-15T22:16:54.923

Modified: 2026-05-15T22:16:54.923

Link: CVE-2026-45345

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T22:30:06Z

Weaknesses