Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members (including administrators) within the same channel. In the update_message_by_id function, for group or dm type channels, only the caller's membership in the channel is checked via the is_user_channel_member function, without verifying message ownership. This allows any channel member to modify messages sent by other members within the same channel. This vulnerability is fixed in 0.9.5.
Published: 2026-05-15
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An IDOR flaw in the update_message_by_id API of Open WebUI’s Channels feature lets any channel member edit messages sent by other members, including administrators. The vulnerability stems from missing ownership validation (only the caller's channel membership is checked) and falls under CWE‑639. It enables tampering with chat history, potentially spreading misinformation or corrupting operational records.
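To make the authorization gap concrete, the following added example models the check the description attributes to the vulnerable update_message_by_id path (channel membership only) next to a hardened version that also verifies that the message belongs to the requested channel and that the caller owns it. This is a hypothetical in-memory model written for this page, not Open WebUI's code: the names update_message_by_id and is_user_channel_member come from the advisory text, while Store, Channel, Message, Forbidden, NotFound and the sample data are constructed here. The admin override in the fixed version follows the recommendation that only administrators or message owners may edit.

```python
"""Added example: the authorization gap behind CVE-2026-45385 and a fixed variant.

Hypothetical in-memory model, not Open WebUI's own code. The function names
update_message_by_id and is_user_channel_member come from the advisory text;
Store, Channel, Message, Forbidden and NotFound are constructed here.
"""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller may not perform the requested edit."""


class NotFound(Exception):
    """Raised when the channel or message does not exist (for this caller)."""


@dataclass
class Channel:
    id: str
    type: str                               # "group" or "dm", as in the advisory
    member_ids: set = field(default_factory=set)


@dataclass
class Message:
    id: str
    channel_id: str
    user_id: str                            # the author of the message
    content: str


@dataclass
class Store:
    channels: dict = field(default_factory=dict)
    messages: dict = field(default_factory=dict)


def is_user_channel_member(store: Store, channel_id: str, user_id: str) -> bool:
    """Membership check: the only authorization the vulnerable path performs."""
    channel = store.channels.get(channel_id)
    return channel is not None and user_id in channel.member_ids


def update_message_by_id_vulnerable(store, channel_id, message_id, caller_id, new_content):
    """Pre-0.9.5 behaviour as described: membership is checked, ownership is not."""
    if not is_user_channel_member(store, channel_id, caller_id):
        raise Forbidden("not a channel member")
    message = store.messages.get(message_id)
    if message is None:
        raise NotFound("no such message")
    message.content = new_content           # any member can overwrite anyone's message
    return message


def update_message_by_id_fixed(store, channel_id, message_id, caller_id, new_content,
                               caller_is_admin=False):
    """Hardened path: membership, message-in-channel and ownership (or admin) checks."""
    if not is_user_channel_member(store, channel_id, caller_id):
        raise Forbidden("not a channel member")
    message = store.messages.get(message_id)
    if message is None or message.channel_id != channel_id:
        # A message from another channel is reported as not found, so the
        # endpoint does not confirm the existence of IDs the caller cannot see.
        raise NotFound("no such message in this channel")
    if message.user_id != caller_id and not caller_is_admin:
        raise Forbidden("caller does not own this message")
    message.content = new_content
    return message


def demo_store() -> Store:
    """Constructed sample data: one group channel, two members, one message by alice."""
    store = Store()
    store.channels["c1"] = Channel(id="c1", type="group", member_ids={"alice", "bob"})
    store.messages["m1"] = Message(id="m1", channel_id="c1", user_id="alice", content="original")
    return store


def can_bob_edit_alices_message(impl) -> bool:
    """True if the given implementation lets member bob overwrite alice's message m1."""
    store = demo_store()
    try:
        impl(store, "c1", "m1", "bob", "tampered")
    except Forbidden:
        return False
    return store.messages["m1"].content == "tampered"


if __name__ == "__main__":
    print("vulnerable lets bob edit:", can_bob_edit_alices_message(update_message_by_id_vulnerable))
    print("fixed lets bob edit:", can_bob_edit_alices_message(update_message_by_id_fixed))
```

The point of the fixed variant is that the object-level check (does this caller own this message, and is the message really in this channel) is performed on the server after the membership check, rather than trusting the message ID supplied by the client. Whether administrators may edit others' messages is a policy decision; remove the caller_is_admin branch for owner-only editing.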

Affected Systems

Open WebUI installations earlier than version 0.9.5 are affected. The flaw exists in the Channels component of the open‑webui product, which is typically deployed as a self‑hosted AI platform for offline use.

Risk and Exploitability

The CVSS score of 4.3 indicates a moderate impact; although the EPSS score is not available, the vulnerability is exploitable by any member of a channel without special prerequisites. The weakness is not listed in CISA KEV. Exploitability is limited to users with channel membership: such a user would need only to send a crafted request to the update_message_by_id endpoint to modify another member’s message.

Generated by OpenCVE AI on May 15, 2026 at 21:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open WebUI to version 0.9.5 or later, which implements a proper message‑ownership check.
  • Restrict edit permissions within channels so that only administrators or message owners can modify messages.
  • Monitor channel logs for unexpected edits and conduct regular audits of message integrity.
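The third recommendation (monitoring channel logs for unexpected edits) can be turned into a simple detection. The following added example, written for this page and not part of Open WebUI or OpenCVE, parses constructed JSON audit events with an assumed schema (event, channel_id, message_id, actor_id, actor_role, author_id, author_role) and flags every message update where the actor is not the author, grading edits of administrators' messages highest and edits performed by administrators lowest. Field names will differ in a real deployment and should be mapped to the log source in use.

```python
"""Added example: flag cross-author message edits in channel audit logs.

The log schema below is an assumption for illustration, not Open WebUI's
own log format. Map the field names to whatever your deployment emits.
"""
import json

# Constructed sample events (not real data). One malformed line is included
# to show that the parser skips it instead of aborting the scan.
SAMPLE_LOG = """\
{"ts": "2026-05-16T10:00:01Z", "event": "message.update", "channel_id": "c1", "message_id": "m1", "actor_id": "alice", "actor_role": "user", "author_id": "alice", "author_role": "user"}
{"ts": "2026-05-16T10:02:13Z", "event": "message.update", "channel_id": "c1", "message_id": "m2", "actor_id": "bob", "actor_role": "user", "author_id": "admin1", "author_role": "admin"}
{"ts": "2026-05-16T10:03:40Z", "event": "message.create", "channel_id": "c1", "message_id": "m3", "actor_id": "bob", "actor_role": "user", "author_id": "bob", "author_role": "user"}
{"ts": "2026-05-16T10:05:02Z", "event": "message.update", "channel_id": "c2", "message_id": "m4", "actor_id": "carol", "actor_role": "user", "author_id": "dave", "author_role": "user"}
{"ts": "2026-05-16T10:06:30Z", "event": "message.update", "channel_id": "c2", "message_id": "m5", "actor_id": "admin1", "actor_role": "admin", "author_id": "dave", "author_role": "user"}
not json at all
"""


def parse_events(text: str) -> list:
    """Parse newline-delimited JSON, skipping blank and malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue                        # keep scanning past garbage
    return events


def classify(event: dict) -> str:
    """Severity of a cross-author edit: who was edited, and by whom."""
    if event.get("author_role") == "admin":
        return "high"                       # an administrator's message was rewritten
    if event.get("actor_role") == "admin":
        return "info"                       # moderation by an admin; log it, do not alert
    return "medium"                         # ordinary member editing another member


def find_cross_author_edits(events: list) -> list:
    """Return one finding per message.update whose actor is not the author."""
    findings = []
    for e in events:
        if e.get("event") != "message.update":
            continue
        actor, author = e.get("actor_id"), e.get("author_id")
        if actor is None or author is None or actor == author:
            continue
        findings.append({
            "ts": e.get("ts"),
            "channel_id": e.get("channel_id"),
            "message_id": e.get("message_id"),
            "actor_id": actor,
            "author_id": author,
            "severity": classify(e),
        })
    return findings


def summarize(findings: list) -> dict:
    """Count findings per severity, e.g. {'high': 1, 'medium': 1, 'info': 1}."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    results = find_cross_author_edits(parse_events(SAMPLE_LOG))
    for f in results:
        print(f"{f['severity']:6} {f['ts']} {f['actor_id']} edited {f['author_id']}'s "
              f"message {f['message_id']} in {f['channel_id']}")
    print(summarize(results))
```

On a patched instance (0.9.5 or later) any "medium" or "high" finding is unexpected and worth investigating, since ordinary members should no longer be able to reach that code path; on an unpatched instance the same query doubles as a retrospective audit of which messages were altered by someone other than their author.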

Advisories

Source: GitHub GHSA
ID: GHSA-wwhq-cx22-f7vv
Title: Open WebUI has an IDOR vulnerability in the update_message_by_id API endpoint

History

Tue, 19 May 2026 02:00:00 +0000

Type: First Time appeared
  Values Added: Openwebui; Openwebui open Webui
Type: CPEs
  Values Added: cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*
Type: Vendors & Products
  Values Added: Openwebui; Openwebui open Webui

Mon, 18 May 2026 16:30:00 +0000

Type: Metrics
  Values Added: ssvc
    {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 15 May 2026 22:30:00 +0000

Type: First Time appeared
  Values Added: Open-webui; Open-webui open-webui
Type: Vendors & Products
  Values Added: Open-webui; Open-webui open-webui

Fri, 15 May 2026 20:45:00 +0000

Type: Description
  Values Added: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members (including administrators) within the same channel. In the update_message_by_id function, for group or dm type channels, only the caller's membership in the channel is checked via the is_user_channel_member function, without verifying message ownership. This allows any channel member to modify messages sent by other members within the same channel. This vulnerability is fixed in 0.9.5.
Type: Title
  Values Added: Open WebUI: An IDOR vulnerability exists in the update_message_by_id API endpoint
Type: Weaknesses
  Values Added: CWE-639
Type: References
  Values Added: (none listed)
Type: Metrics
  Values Added: cvssV3_1
    {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Subscriptions

Open-webui Open-webui
Openwebui Open Webui
MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-18T15:56:49.278Z

Reserved: 2026-05-12T00:51:29.087Z

Link: CVE-2026-45385

Vulnrichment

Updated: 2026-05-18T15:55:37.340Z

NVD

Status: Analyzed

Published: 2026-05-15T21:16:36.907

Modified: 2026-05-19T01:45:35.507

Link: CVE-2026-45385

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T22:15:09Z

Weaknesses
  • CWE-639

    Authorization Bypass Through User-Controlled Key