CVE-2026-44558

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0

Description The channel router fails to call the filter allowed access grants() function during the creation or update of channels. This function is intended to strip unauthorized wildcard grants (such as principal id: "*") or individual user grants from users who lack the necessary permissions. Consequently, a non-admin user who can create group channels or owns a channel can submit arbitrary access grants that are stored verbatim, bypassing the administrative permission framework. This allows users to make channels publicly accessible or grant individual access even when administrative policies prohibit such actions.

Technical details include the following affected endpoints:

Recommendations Update to version 0.9.0.