PatchSiren cyber security CVE debrief

CVE-2026-44559 open-webui CVE debrief

A missing authorization check in Open WebUI's channel member enumeration endpoint allows authenticated users to list the members of private channels they do not belong to. The GET /api/v1/channels/{id}/members endpoint only validates membership for group and direct message channels, leaving standard channels, including private ones, unprotected. Any authenticated user who knows a private channel's UUID can retrieve its complete member list. This information disclosure vulnerability has a CVSS 3.1 score of 4.3 (Medium) and was resolved in version 0.9.0.

Vendor: open-webui
Product: Unknown
CVSS: MEDIUM 4.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-15
Original CVE updated: 2026-05-19
Advisory published: 2026-05-15
Advisory updated: 2026-05-19

Who should care

Organizations running self-hosted Open WebUI instances below version 0.9.0, particularly those relying on private channels for sensitive collaboration. Security teams should prioritize patching and log review for environments with strict channel privacy requirements.

Technical summary

The vulnerability exists in the channel member retrieval API endpoint. The application calls channel_has_access only for the 'group' and 'dm' channel types; the 'standard' channel type, which includes private channels, skips this validation entirely. An authenticated attacker can supply any valid channel UUID and enumerate its members without being a member of that channel. The fix in 0.9.0 extends the access control check to all channel types.
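The following is an added illustration of the authorization gap described above, written for this debrief; it is not Open WebUI's code. The Channel class, channel_has_access, get_channel_members_vulnerable and get_channel_members_fixed are invented names that reproduce the logic the summary describes, with the pre-0.9.0 check (only evaluated for 'group' and 'dm') shown beside the hardened form that checks every channel type. The channel identifiers and members are constructed sample data.

```python
"""Hypothetical model of the authorization gap described in the debrief.

Added example written for this page; it is not Open WebUI's implementation.
Channel, channel_has_access, get_channel_members_vulnerable and
get_channel_members_fixed are invented names.
"""
from dataclasses import dataclass, field


@dataclass
class Channel:
    id: str
    type: str                  # "standard", "group" or "dm", as named in the debrief
    private: bool
    members: set = field(default_factory=set)


# Constructed sample data (not real identifiers).
PRIVATE_STANDARD_ID = "11111111-2222-4333-8444-555555555555"
PUBLIC_STANDARD_ID = "22222222-2222-4333-8444-555555555555"
GROUP_ID = "33333333-2222-4333-8444-555555555555"

CHANNELS = {
    PRIVATE_STANDARD_ID: Channel(PRIVATE_STANDARD_ID, "standard", True, {"alice", "bob"}),
    PUBLIC_STANDARD_ID: Channel(PUBLIC_STANDARD_ID, "standard", False, {"alice"}),
    GROUP_ID: Channel(GROUP_ID, "group", True, {"bob"}),
}


def channel_has_access(channel, user_id):
    """Public standard channels are readable by any authenticated user;
    every other channel requires membership."""
    if channel.type == "standard" and not channel.private:
        return True
    return user_id in channel.members


def get_channel_members_vulnerable(channel_id, user_id):
    """Pre-0.9.0 behaviour as the debrief describes it: the access check is
    only evaluated for 'group' and 'dm' channels, so a private 'standard'
    channel is served to any authenticated caller who knows its UUID."""
    channel = CHANNELS.get(channel_id)
    if channel is None:
        raise LookupError("channel not found")
    if channel.type in ("group", "dm") and not channel_has_access(channel, user_id):
        raise PermissionError("not a member")
    return sorted(channel.members)


def get_channel_members_fixed(channel_id, user_id):
    """Hardened form: the access check runs for every channel type. The same
    generic error covers unknown and inaccessible channels so the endpoint
    does not confirm whether a guessed UUID exists."""
    channel = CHANNELS.get(channel_id)
    if channel is None or not channel_has_access(channel, user_id):
        raise PermissionError("channel not found or access denied")
    return sorted(channel.members)


def can_enumerate(endpoint, channel_id, user_id):
    """Comparison helper: True if the endpoint hands back a member list."""
    try:
        endpoint(channel_id, user_id)
        return True
    except (PermissionError, LookupError):
        return False


if __name__ == "__main__":
    for name, endpoint in (("vulnerable", get_channel_members_vulnerable),
                           ("fixed", get_channel_members_fixed)):
        print(name, "- outsider can list private standard channel:",
              can_enumerate(endpoint, PRIVATE_STANDARD_ID, "outsider"))
```

Running the block shows the outsider succeeding against the vulnerable endpoint and being refused by the fixed one, while members and public standard channels behave the same in both. The single generic error in the fixed version is a design choice worth keeping in a real fix: returning 404 for unknown IDs but 403 for inaccessible ones would still tell a caller which guessed UUIDs correspond to real private channels.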

Defensive priority

Medium

Recommended defensive actions

  • Upgrade Open WebUI to version 0.9.0 or later to obtain the authorization fix
  • Review channel access patterns in application logs for unauthorized member enumeration attempts
  • Audit private channel UUID exposure in client-side code, browser history, or shared links that could facilitate targeted enumeration
  • Implement additional network-level access controls or API rate limiting for channel member endpoints as defense in depth
  • Verify that custom channel implementations or forks include equivalent access control checks for all channel types
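As an added example for the log-review action above (not a PatchSiren or Open WebUI tool), the script below runs two checks over access-log lines for the member endpoint: a frequency check that flags a user who successfully fetched the member lists of several distinct channels in a short window, and, where a snapshot of private-channel membership is available, a retroactive check that lists every successful read by a non-member. The log line format, user names, channel UUIDs and membership snapshot are all constructed; the regex must be adapted to the real reverse-proxy or application log.

```python
"""Added detection example for reviewing channel member enumeration.

Hypothetical code written for this page; not Open WebUI tooling. The log
format below is constructed, and LINE_RE should be adapted to real logs.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed channel identifiers (not real).
CH1 = "11111111-2222-4333-8444-555555555555"
CH2 = "22222222-2222-4333-8444-555555555555"
CH3 = "33333333-2222-4333-8444-555555555555"
CH4 = "44444444-2222-4333-8444-555555555555"

# Constructed sample access-log lines: timestamp, user, method, path, status.
SAMPLE_LOG = f"""\
2026-05-16T10:00:01Z user=alice GET /api/v1/channels/{CH1}/members 200
2026-05-16T10:00:03Z user=alice GET /api/v1/channels/{CH1}/messages 200
2026-05-16T10:01:10Z user=mallory GET /api/v1/channels/{CH1}/members 200
2026-05-16T10:01:12Z user=mallory GET /api/v1/channels/{CH2}/members 200
2026-05-16T10:01:15Z user=mallory GET /api/v1/channels/{CH3}/members 200
2026-05-16T10:01:18Z user=mallory GET /api/v1/channels/{CH4}/members 200
2026-05-16T11:30:00Z user=bob GET /api/v1/channels/{CH2}/members 200
"""

# Constructed membership snapshot of private channels at the time of the logs.
PRIVATE_CHANNEL_MEMBERS = {
    CH1: {"alice", "bob"},
    CH2: {"bob"},
    CH3: {"alice"},
    CH4: {"bob"},
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) (?P<method>\S+) "
    r"/api/v1/channels/(?P<channel>[0-9a-f-]{36})/members (?P<status>\d{3})$"
)


def parse_member_requests(log_text):
    """Keep only requests to the member endpoint as (ts, user, channel, status)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other endpoints are irrelevant for this review
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["user"], m["channel"], int(m["status"])))
    return events


def find_enumerators(events, window=timedelta(minutes=5), threshold=3):
    """Users who successfully read member lists of >= threshold distinct
    channels inside any window-sized span. Returns {user: distinct_count}."""
    by_user = defaultdict(list)
    for ts, user, channel, status in events:
        if status == 200:
            by_user[user].append((ts, channel))
    flagged = {}
    for user, hits in by_user.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            distinct = {c for t, c in hits[i:] if t - start <= window}
            if len(distinct) >= threshold:
                flagged[user] = len(distinct)
                break
    return flagged


def find_nonmember_reads(events, membership):
    """Successful member-list reads of private channels by non-members,
    i.e. the reads that the pre-0.9.0 endpoint should have refused."""
    return sorted(
        (user, channel)
        for _, user, channel, status in events
        if status == 200 and channel in membership and user not in membership[channel]
    )


if __name__ == "__main__":
    evts = parse_member_requests(SAMPLE_LOG)
    print("burst enumerators:", find_enumerators(evts))
    for user, channel in find_nonmember_reads(evts, PRIVATE_CHANNEL_MEMBERS):
        print(f"non-member read: {user} -> {channel}")
```

The frequency check works on logs alone and is the one to run first; the membership check is more precise but needs a membership snapshot from the time of the logs, since members added or removed after the fact would otherwise produce false results. Both treat a 200 as the signal because, on an unpatched instance, a non-member's request to a private standard channel succeeded rather than failed.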

Evidence notes

Vulnerability confirmed through vendor security advisory and NVD analysis. The issue stems from incomplete access control logic at lines 467-469 of the affected endpoint implementation.

Official resources

2026-05-15