Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, Pin/Unpin is a write operation (it modifies the message's is_pinned, pinned_by and pinned_at fields), but in standard channels it only checks read permission, allowing users with read-only access to pin/unpin any message. This vulnerability is fixed in 0.9.5.
Published: 2026-05-15
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An authorization bypass allows users with only read permission to pin or unpin messages in Open WebUI. The pin_channel_message endpoint performs a write operation that changes a message's is_pinned, pinned_by and pinned_at fields, but the checks on that endpoint only verify read access. A user who normally has no modification rights can therefore manipulate message metadata, which can interfere with message ordering and potentially mislead or confuse other users. The weakness is classified as CWE-639.

Affected Systems

Open WebUI installations running a version before 0.9.5 are affected. The platform is a self‑hosted, offline artificial intelligence interface that supports collaborative channels.

Risk and Exploitability

The CVSS score of 4.3 signals a moderate risk level, and the vulnerability is not listed in the CISA KEV catalog. No EPSS score is available, so the current estimate of exploitation probability is unknown. Exploitation likely involves legitimate users or compromised read-only accounts using the public API or WebUI to send pin or unpin requests; no privileges beyond ordinary use of the application are required. The impact is limited to manipulation of pinned-message state and does not grant arbitrary code execution or full data exfiltration.

Generated by OpenCVE AI on May 15, 2026 at 22:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open WebUI to version 0.9.5 or later
  • If upgrading is not yet possible, disable the pin/unpin functionality or enforce permission checks that require write or administrator rights before allowing changes to pin status
  • Audit API logs for unusually high pin/unpin activity from users with read‑only permissions
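As an added illustration of the Impact section and of the recommended permission-check fix above (example code written for this page, not Open WebUI's own source), the following minimal Python model places a pin operation gated only on read permission beside one gated on write permission, and adds a small audit helper that flags pin/unpin events issued by accounts without write rights in constructed log lines. The permission model (Perm), the function names and the log format are assumptions made for the illustration.

```python
"""Added example, not Open WebUI code: read-gated vs. write-gated pin operation."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Flag, auto
from typing import Dict, List, Optional


class Perm(Flag):
    """Constructed per-channel permission bits (assumption for this example)."""
    READ = auto()
    WRITE = auto()
    ADMIN = auto()


@dataclass
class Message:
    id: int
    author: str
    text: str
    is_pinned: bool = False
    pinned_by: Optional[str] = None
    pinned_at: Optional[datetime] = None


@dataclass
class Channel:
    members: Dict[str, Perm] = field(default_factory=dict)  # user -> granted bits
    messages: Dict[int, Message] = field(default_factory=dict)


class Forbidden(Exception):
    pass


def _apply_pin(channel: Channel, user: str, message_id: int, pinned: bool) -> Message:
    """The write itself: touches is_pinned, pinned_by and pinned_at."""
    msg = channel.messages[message_id]
    msg.is_pinned = pinned
    msg.pinned_by = user if pinned else None
    msg.pinned_at = datetime.now(timezone.utc) if pinned else None
    return msg


def pin_message_vulnerable(channel: Channel, user: str, message_id: int, pinned: bool = True) -> Message:
    """Flawed pattern: a state-changing operation gated only on READ."""
    granted = channel.members.get(user, Perm(0))
    if Perm.READ not in granted:
        raise Forbidden(f"{user} cannot read this channel")
    return _apply_pin(channel, user, message_id, pinned)


def pin_message_fixed(channel: Channel, user: str, message_id: int, pinned: bool = True) -> Message:
    """Corrected pattern: any mutation of pin fields requires WRITE or ADMIN."""
    granted = channel.members.get(user, Perm(0))
    if not (Perm.WRITE in granted or Perm.ADMIN in granted):
        raise Forbidden(f"{user} lacks write rights on this channel")
    return _apply_pin(channel, user, message_id, pinned)


def suspicious_pin_events(channel: Channel, log_lines: List[str]) -> List[str]:
    """Audit helper: pin/unpin events from users who hold neither WRITE nor ADMIN.
    Log format is constructed: timestamp followed by space-separated key=value fields."""
    flagged = []
    for line in log_lines:
        fields = dict(tok.split("=", 1) for tok in line.split()[1:])
        if fields.get("action") not in ("pin", "unpin"):
            continue
        granted = channel.members.get(fields.get("user", ""), Perm(0))
        if not (Perm.WRITE in granted or Perm.ADMIN in granted):
            flagged.append(line)
    return flagged


def build_channel() -> Channel:
    """Constructed fixture: alice can write, bob is read-only."""
    ch = Channel(members={"alice": Perm.READ | Perm.WRITE, "bob": Perm.READ})
    ch.messages[7] = Message(id=7, author="alice", text="release notes")
    return ch


CONSTRUCTED_LOG = [
    "2026-05-15T21:00:00Z user=alice action=pin channel=1 message=7",
    "2026-05-15T21:00:05Z user=bob action=pin channel=1 message=7",
    "2026-05-15T21:00:09Z user=bob action=unpin channel=1 message=7",
    "2026-05-15T21:00:12Z user=bob action=read channel=1 message=7",
]


def demo() -> dict:
    """Run the read-only user against both checks and the audit helper."""
    result = {}
    ch = build_channel()
    pin_message_vulnerable(ch, "bob", 7)  # read-only bob succeeds: the flaw
    result["vulnerable_allowed_pin"] = ch.messages[7].is_pinned and ch.messages[7].pinned_by == "bob"
    ch = build_channel()
    try:
        pin_message_fixed(ch, "bob", 7)  # read-only bob is refused
        result["fixed_allowed_pin"] = True
    except Forbidden:
        result["fixed_allowed_pin"] = False
    result["fixed_untouched"] = ch.messages[7].pinned_by is None
    result["flagged"] = suspicious_pin_events(ch, CONSTRUCTED_LOG)
    return result


if __name__ == "__main__":
    print(demo())
```

The design point is that the authorization check must match the effect of the operation, not the HTTP verb or the route family it lives under: because pinning writes three fields, the fixed variant requires a write-class permission before any of them is touched, and the audit helper applies the same rule retrospectively to logged events so that a read-only account issuing pin or unpin requests stands out.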

Advisories
Source: GitHub GHSA
ID: GHSA-5gc6-xhv4-2wg6
Title: Open WebUI has an IDOR vulnerability in the pin_channel_message API endpoint
History

Fri, 15 May 2026 23:15:00 +0000

Type: First Time appeared
  Values Removed: (none)
  Values Added: Open-webui; Open-webui open-webui
Type: Vendors & Products
  Values Removed: (none)
  Values Added: Open-webui; Open-webui open-webui

Fri, 15 May 2026 21:00:00 +0000

Type: Description
  Values Added: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, Pin/Unpin is a write operation (modifies the message's is_pinned, pinned_by, pinned_at fields), but in standard channels it only checks read permission, allowing users with read-only access to pin/unpin any message. This vulnerability is fixed in 0.9.5.
Type: Title
  Values Added: Open WebUI: An IDOR vulnerability exists in the pin_channel_message API endpoint
Type: Weaknesses
  Values Added: CWE-639
Type: References
  Values Added:
Type: Metrics
  Values Added: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T20:36:21.773Z

Reserved: 2026-05-12T00:51:29.087Z

Link: CVE-2026-45386

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-15T21:16:37.043

Modified: 2026-05-15T21:16:37.043

Link: CVE-2026-45386

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T23:00:12Z

Weaknesses