PT-2026-39278 · Unknown · Open-Webui
Published
2026-05-08
·
Updated
2026-05-17
·
CVE-2026-44561
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Open WebUI versions prior to 0.9.0
Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. An issue exists where the is_user_channel_member() function verifies the existence of a membership record but fails to check the is_active field. Consequently, when a user is removed from a group or DM channel, or leaves voluntarily, their membership record remains with is_active=False and status='left', yet they retain full read and write access via direct API calls. While the channel is hidden from the user's interface, they can still interact with message-level endpoints if they possess the channel ID. Affected endpoints include:
- '/api/v1/channels/{channel_id}/messages'
- '/api/v1/channels/{channel_id}/messages/post'
- '/api/v1/channels/{channel_id}/messages/{id}/update'
- '/api/v1/channels/{channel_id}/messages/{id}/delete'
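The check described above, modelled as an added Python example (not Open WebUI's own code): the membership table, the action names and the function names is_member_existence_only, is_member_active, authorize_message_action and stale_access are constructed for illustration. It shows the existence-only check granting access to a user whose record has is_active=False, the hardened check denying it, and an audit helper that lists memberships a given check would wrongly accept.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass
class Membership:
    user_id: str
    channel_id: str
    is_active: bool
    status: str  # 'joined' or 'left' (constructed values)


# Constructed sample membership table: bob was removed from chan-1,
# so his record survives with is_active=False and status='left'.
MEMBERSHIPS = [
    Membership("alice", "chan-1", True, "joined"),
    Membership("bob", "chan-1", False, "left"),
    Membership("carol", "chan-2", True, "joined"),
]


def find_membership(user_id: str, channel_id: str) -> Optional[Membership]:
    """Return the membership record for (user, channel), if any."""
    for m in MEMBERSHIPS:
        if m.user_id == user_id and m.channel_id == channel_id:
            return m
    return None


def is_member_existence_only(user_id: str, channel_id: str) -> bool:
    """Weak check: only asks whether a membership record exists."""
    return find_membership(user_id, channel_id) is not None


def is_member_active(user_id: str, channel_id: str) -> bool:
    """Hardened check: the record must exist AND still be active."""
    m = find_membership(user_id, channel_id)
    return m is not None and m.is_active


# Message-level actions the channel membership check gates.
MESSAGE_ACTIONS = {"list", "post", "update", "delete"}


def authorize_message_action(user_id: str, channel_id: str, action: str,
                             check: Callable[[str, str], bool] = is_member_active) -> bool:
    """Deny unknown actions; otherwise defer to the membership check."""
    return action in MESSAGE_ACTIONS and check(user_id, channel_id)


def stale_access(check: Callable[[str, str], bool]) -> List[str]:
    """Audit helper: inactive memberships that `check` would still accept."""
    return sorted(f"{m.user_id}@{m.channel_id}" for m in MEMBERSHIPS
                  if not m.is_active and check(m.user_id, m.channel_id))
```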
Recommendations
Update to version 0.9.0.
Exploit
Fix
Incorrect Authorization
Improper Access Control
Related Identifiers
Affected Products
Open-Webui