Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/{note_id} endpoint lacks proper authorization checks, allowing authenticated users to retrieve notes belonging to other users by guessing or enumerating UUIDs. This results in unauthorized disclosure of potentially sensitive or private user data. This vulnerability is fixed in 0.8.11.
Published: 2026-05-15
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Open WebUI’s API endpoint /api/v1/notes/{note_id} does not enforce authorization checks for authenticated users before version 0.8.11. This allows an attacker who has already authenticated, to retrieve notes belonging to other users by guessing or enumerating UUIDs. The result is the unauthorized disclosure of potentially sensitive or private user data, an indirect object reference flaw (CWE‑639).

Affected Systems

The vulnerability affects the self‑hosted artificial intelligence platform Open WebUI. Any deployment running a version older than 0.8.11 is susceptible; this includes all releases up to but not including 0.8.11. The vendor is open‑webui and the product is the Open WebUI platform.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity. The EPSS score is not available, so the current frequency of exploitation is unknown, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an authenticated session and the ability to guess or enumerate a note UUID. An attacker could therefore perform a local or remote attack against a logged‑in user, potentially enumerating many notes and revealing private information. Given the lack of known public exploits, the threat is moderate but should be mitigated promptly.

Generated by OpenCVE AI on May 15, 2026 at 22:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Open WebUI installation to version 0.8.11 or later, where authorization checks for the /api/v1/notes endpoint have been added.
  • If an upgrade cannot be performed immediately, restrict access to the /api/v1/notes endpoint using an API gateway or reverse‑proxy rule so that only properly authenticated and authorized roles can reach it.
  • Enable detailed logging for the /api/v1/notes endpoint and regularly audit these logs for signs of unauthorized access attempts.

Generated by OpenCVE AI on May 15, 2026 at 22:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-x3qm-p8hr-3c3h Open WebUI has an Indirect Object Reference (IDOR) in user notes
History

Fri, 15 May 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Open-webui
Open-webui open-webui
Vendors & Products Open-webui
Open-webui open-webui

Fri, 15 May 2026 21:30:00 +0000

Type Values Removed Values Added
Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/{note_id} endpoint lacks proper authorization checks, allowing authenticated users to retrieve notes belonging to other users by guessing or enumerating UUIDs. This results in unauthorized disclosure of potentially sensitive or private user data. This vulnerability is fixed in 0.8.11.
Title Open WebUI: Indirect Object Reference (IDOR) in user notes
Weaknesses CWE-639
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Open-webui Open-webui
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T21:07:42.714Z

Reserved: 2026-05-12T21:59:25.665Z

Link: CVE-2026-45666

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-15T22:16:56.057

Modified: 2026-05-15T22:16:56.057

Link: CVE-2026-45666

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T22:30:06Z

Weaknesses