PT-2026-56888 · Openwebui · Open-Webui

Publicado

2026-07-09

·

Atualizado

2026-07-09

·

CVE-2026-59225

CVSS v3.1

6.3

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The normal chat route resolves arena models before the final chat dispatch and therefore re-checks the selected underlying model. The task routes call utils.chat.generate chat completion() directly. In that direct path, arena fallback resolution happens after the wrapper access check and then recurses with bypass filter=True, skipping the selected submodel's access check. This issue is fixed in version 0.10.0.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-59225

Produtos afetados

Open-Webui