Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses model_config = ConfigDict(extra='allow'). Due to an insecure dictionary merge order in insert_new_feedback(), an authenticated attacker can inject a user_id field in the request body that overwrites the server-derived value, creating feedback records attributed to any arbitrary user. This corrupts the model evaluation leaderboard (Elo ratings) and enables identity spoofing. This vulnerability is fixed in 0.9.5.
Published: 2026-05-15
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Prior to version 0.9.5, the FeedbackForm endpoint in Open WebUI accepted arbitrary data and performed a dictionary merge in a way that let an attacker include a user_id field in the request body, overriding the server‑derived value. This functionality of CWE‑915 permitted an authenticated user to create feedback entries that appeared to belong to any user, corrupting the Elo rating system and enabling identity spoofing.

Affected Systems

The vulnerability affects Open WebUI, specifically versions earlier than 0.9.5, including the 0.9.2 release referenced in the advisory. The impact is limited to deployments that expose the /api/v1/evaluations/feedback endpoint to authenticated users.

Risk and Exploitability

The CVSS score of 5.4 indicates a medium severity vulnerability, and the EPSS score is not currently available. The vulnerability is not listed in the CISA KEV catalog. An attacker would need valid credentials to send a POST request to the feedback endpoint, making the attack remote but authenticated. The insecure merge order allows the attacker to set the user_id field, tampering with leaderboard data and enabling spoofed identities.

Generated by OpenCVE AI on May 15, 2026 at 21:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch that upgrades Open WebUI to version 0.9.5 or later.
  • Enforce that only authenticated, authorized users can access the feedback API endpoint, restricting write permissions to trusted accounts.
  • Regularly review the feedback leaderboard and audit feedback records to detect any anomalous entries that may indicate spoofing.

Generated by OpenCVE AI on May 15, 2026 at 21:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-rjmp-vjf2-qf4g Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation
History

Tue, 19 May 2026 12:30:00 +0000

Type Values Removed Values Added
First Time appeared Openwebui
Openwebui open Webui
CPEs cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*
Vendors & Products Openwebui
Openwebui open Webui

Fri, 15 May 2026 23:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 15 May 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Open-webui
Open-webui open-webui
Vendors & Products Open-webui
Open-webui open-webui

Fri, 15 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses model_config = ConfigDict(extra='allow'). Due to an insecure dictionary merge order in insert_new_feedback(), an authenticated attacker can inject a user_id field in the request body that overwrites the server-derived value, creating feedback records attributed to any arbitrary user. This corrupts the model evaluation leaderboard (Elo ratings) and enables identity spoofing. This vulnerability is fixed in 0.9.5.
Title Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation
Weaknesses CWE-915
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

Subscriptions

Open-webui Open-webui
Openwebui Open Webui
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T22:21:39.932Z

Reserved: 2026-05-12T01:48:40.451Z

Link: CVE-2026-45396

cve-icon Vulnrichment

Updated: 2026-05-15T22:17:05.473Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-15T21:16:37.590

Modified: 2026-05-19T12:20:29.730

Link: CVE-2026-45396

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T22:00:12Z

Weaknesses