PT-2026-41175 · Unknown · Open-Webui
Published: 2026-05-10 · Updated: 2026-05-16
CVE-2026-45345
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions
Open WebUI versions prior to 0.5.7
Description
An issue exists where a user can modify another user's model regardless of whether its visibility is set to Private. By altering access permissions during the editing process, unauthorized access can be obtained. This is possible via the '/api/v1/models/model/update' endpoint by manipulating the id and access control parameters.
Recommendations
Update to version 0.5.7.
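
For teams reviewing their own update handlers for the same class of flaw, the following added example (not Open WebUI's code and not taken from this advisory) contrasts an update routine that trusts the submitted id and access control values with one that authorizes against the stored record first. The in-memory store, the `Model` fields, the role names and the shape of `access_control` are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

class Forbidden(Exception):
    """Caller is not allowed to perform the update."""

@dataclass
class Model:
    id: str
    user_id: str  # owner of the model
    name: str
    # Assumed shape: {} means private; {"write": {"user_ids": [...]}} grants edit rights.
    access_control: dict = field(default_factory=dict)

def make_store():
    """Constructed sample data: one private model owned by alice."""
    return {"m1": Model(id="m1", user_id="alice", name="alice-private")}

def update_unchecked(store, caller_id, form):
    """'Before' pattern: trusts the submitted id and access_control."""
    model = store[form["id"]]
    model.name = form.get("name", model.name)
    model.access_control = form.get("access_control", model.access_control)
    return model

def is_owner_or_admin(model, caller_id, role):
    return role == "admin" or model.user_id == caller_id

def can_write(model, caller_id, role):
    """Decide from the STORED record only, never from the request body."""
    if is_owner_or_admin(model, caller_id, role):
        return True
    return caller_id in model.access_control.get("write", {}).get("user_ids", [])

def update_checked(store, caller_id, role, form):
    """'After' pattern: authorize first, then apply the change."""
    model = store.get(form["id"])
    if model is None or not can_write(model, caller_id, role):
        raise Forbidden(form["id"])
    if "access_control" in form:
        # Changing who may access the model is reserved for the owner or an admin.
        if not is_owner_or_admin(model, caller_id, role):
            raise Forbidden(form["id"])
        model.access_control = form["access_control"]
    model.name = form.get("name", model.name)
    return model
```

The point to verify in a real code base is that the permission decision reads the persisted owner and grants, and that a request body can never widen its own caller's rights.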
Exploit
Fix
Improper Authorization
Affected Products
Open-Webui