Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular user [non-admin] logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt of available models set by admin on models pages in workspace affecting the confidentiality of application. This vulnerability is fixed in 0.8.9.
Published: 2026-05-15
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A logged-in non‑admin user can trigger an API request to /api/models, which exposes the system prompts set by administrators. This disclosure compromises the confidentiality of the application’s internal configuration and can reveal sensitive information about the AI models and their settings. The weakness is a classic information‑disclosure flaw, identified as CWE‑200.

Affected Systems

The affected software is Open WebUI by open-webui, version 0.8.8 and earlier. Versions 0.8.9 and later contain the fix.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity. Exploitability requires a valid authenticated non‑admin session, so the attack vector is limited to users who have legitimate access to the system. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The risk is therefore medium, primarily affecting confidentiality and limited to users who can log in.

Generated by OpenCVE AI on May 15, 2026 at 22:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open WebUI to 0.8.9 or later to remove the vulnerability.
  • Verify that the /api/models endpoint and related privilege checks are only accessible to users with administrative rights.
  • Audit user activity logs to detect any unauthorized attempts to access the system prompt data.
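A post-upgrade check for the disclosure described above, added here as an example that is not part of the OpenCVE record or the Open WebUI project: given the JSON body a non-admin session receives from /api/models, it reports every model entry that still carries a non-empty system prompt. The response layout is an assumption (a top-level "data" list of model objects with the prompt under info.params.system, as in the constructed sample), so the walker also searches any nested "system" key and a differently shaped response is still caught.

```python
import json

# Constructed sample of what a non-admin session might receive from
# /api/models on an unpatched instance. Assumed layout, not captured data.
SAMPLE_RESPONSE = json.dumps({
    "data": [
        {"id": "support-bot",
         "info": {"params": {"system": "You are the internal support assistant."}}},
        {"id": "plain-model", "info": {"params": {}}},
        {"id": "empty-prompt", "info": {"params": {"system": ""}}},
    ]
})


def _walk(node, path):
    """Yield (path, value) for every non-empty string stored under a key named 'system'."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "system" and isinstance(value, str) and value.strip():
                yield path + ".system", value
            else:
                yield from _walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for idx, item in enumerate(node):
            yield from _walk(item, f"{path}[{idx}]")


def find_exposed_system_prompts(body: str) -> list:
    """Return one finding per model entry whose JSON still carries a system prompt.

    A non-empty result for a non-admin session means the disclosure is still
    present, which on a patched instance (0.8.9 or later) should not happen.
    """
    payload = json.loads(body)
    models = payload.get("data", payload) if isinstance(payload, dict) else payload
    if not isinstance(models, list):
        models = [models]
    findings = []
    for idx, model in enumerate(models):
        ident = model.get("id", f"model[{idx}]") if isinstance(model, dict) else f"model[{idx}]"
        for path, prompt in _walk(model, ident):
            findings.append({"model": ident, "field": path, "length": len(prompt)})
    return findings


if __name__ == "__main__":
    for hit in find_exposed_system_prompts(SAMPLE_RESPONSE):
        print(f"{hit['model']}: system prompt visible at {hit['field']} ({hit['length']} chars)")
```

Run it against the body returned to a test account with regular (non-admin) rights after the upgrade; any output line is a finding to follow up.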

Advisories
Source | ID | Title
Github GHSA | GHSA-jh9g-8jqw-m2qx | Open WebUI Exposes System Prompt to Regular User [Non-Admin]
History

Sat, 16 May 2026 00:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Open-webui; Open-webui open-webui
Vendors & Products | | Open-webui; Open-webui open-webui

Fri, 15 May 2026 21:30:00 +0000

Type | Values Removed | Values Added
Description | | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular user [non-admin] logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt of available models set by admin on models pages in workspace affecting the confidentiality of application. This vulnerability is fixed in 0.8.9.
Title | | Open WebUI: Exposure of System Prompt to Regular User [Non-Admin]
Weaknesses | | CWE-200
References | |
Metrics | | cvssV3_1: score 6.5, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T21:09:41.689Z

Reserved: 2026-05-11T21:40:08.178Z

Link: CVE-2026-45351

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-15T22:16:55.453

Modified: 2026-05-15T22:16:55.453

Link: CVE-2026-45351

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-16T00:00:11Z

Weaknesses