PT-2026-39279 · Unknown · Open-Webui

Published: 2026-05-08 · Updated: 2026-05-15 · CVE-2026-44562

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.0

Description: The 'POST /api/v1/models/import' endpoint allows users holding the workspace.models import permission to overwrite any existing model in the database, regardless of ownership. When an imported model's ID matches an existing model, the payload is merged over the existing model record and written to the database without validating ownership or access grants. This bypasses the filter-allowed-access-grants function that the other model mutation endpoints use to enforce access restrictions. The result can be the silent replacement of a model's system prompt, base model routing and access grants, so that users may receive attacker-controlled responses.

Recommendations: Update to version 0.9.0.
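As an added illustration, not code from Open WebUI or from this advisory: a small Python model of the import flow described above, showing the unchecked merge on a colliding ID beside a hardened import that requires ownership before overwriting (all function names, record fields and sample records are hypothetical and constructed).

```python
# Added example, not Open WebUI's code: an in-memory "models table" reproducing the
# advisory's unchecked merge, beside a hardened import. All names are hypothetical.

def import_models_unchecked(store, user, payloads):
    # Vulnerable pattern: a colliding id is merged over the stored model and
    # written back with no ownership or access-grant check.
    for payload in payloads:
        existing = store.get(payload["id"], {"user_id": user["id"]})
        store[payload["id"]] = {**existing, **payload}

def can_modify(user, existing):
    # Only the record's owner (or an admin) may overwrite an existing model.
    return user.get("role") == "admin" or existing["user_id"] == user["id"]

def import_models_checked(store, user, payloads):
    # Hardened variant: a colliding id requires ownership, and the stored owner
    # is never taken from the payload. Returns the ids that were written.
    written = []
    for payload in payloads:
        existing = store.get(payload["id"])
        if existing is None:
            record = {**payload, "user_id": user["id"]}
        elif can_modify(user, existing):
            record = {**existing, **payload, "user_id": existing["user_id"]}
        else:
            raise PermissionError(f"cannot overwrite model {payload['id']!r}")
        store[payload["id"]] = record
        written.append(payload["id"])
    return written

# Constructed scenario: an admin-owned model and a user who only holds import rights.
ADMIN = {"id": "u-admin", "role": "admin"}
IMPORTER = {"id": "u-importer", "role": "user"}
SEED = {"id": "support-bot", "base_model_id": "base-safe", "access_grants": ["support-team"],
        "params": {"system": "You are a helpful support assistant."}}
COLLIDING = {"id": "support-bot", "base_model_id": "base-other", "access_grants": ["everyone"],
             "params": {"system": "Overwritten prompt."}}

def run_scenario(checked):
    # Seed as ADMIN, import COLLIDING as IMPORTER; return (rejected, prompt, base model, owner).
    store, rejected = {}, False
    import_models_checked(store, ADMIN, [SEED])
    handler = import_models_checked if checked else import_models_unchecked
    try:
        handler(store, IMPORTER, [COLLIDING])
    except PermissionError:
        rejected = True
    m = store["support-bot"]
    return rejected, m["params"]["system"], m["base_model_id"], m["user_id"]
```

With the unchecked handler the importer silently replaces the prompt, base model and access grants while the record still appears to belong to the admin; the checked handler rejects the collision and leaves the record untouched.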

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2026-44562, GHSA-MQQ6-CQCX-38VG

Affected Products: Open-Webui