PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-44561 open-webui CVE debrief

Open WebUI versions prior to 0.9.0 contain an authorization bypass vulnerability in channel membership validation. The `is_user_channel_member` function checks for the existence of a `ChannelMember` record but fails to verify the `is_active` field. When users are deactivated from a group or direct message channel—whether removed by the channel owner or through voluntary departure—their membership row persists with `is_active=False` and `status='left'`. Because the authorization logic ignores the `is_active` status, these deactivated users retain full read and write access to channel content via direct API calls, despite appearing removed from the channel interface. This vulnerability was published on 2026-05-15 and last modified on 2026-05-19.

Vendor: open-webui
Product: Unknown
CVSS: MEDIUM 5.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-15
Original CVE updated: 2026-05-19
Advisory published: 2026-05-15
Advisory updated: 2026-05-19

Who should care

Organizations running self-hosted Open WebUI instances with multi-user channel functionality, particularly those handling sensitive conversations in group or direct message channels where membership revocation is security-critical.

Technical summary

The authorization flaw exists in the `is_user_channel_member` function, which performs an existence check on `ChannelMember` rows without validating the `is_active` boolean field. When membership is terminated, the database row is soft-deleted (retained with `is_active=False` and `status='left'`) rather than hard-deleted. The vulnerable authorization logic treats the existence of any membership record as sufficient for access, regardless of activation status. This allows channel removal controls to be bypassed through direct API invocation: the web interface may correctly hide the channel while the underlying API still permits access. The fix in version 0.9.0 adds proper `is_active` validation to the membership check.
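The following is an added illustration of the flaw class described above, written for this debrief; it is not Open WebUI's code. It uses a hypothetical in-memory `ChannelMember` store (the real project uses a database table) and shows the existence-only check beside a check that also requires `is_active`, with a soft-delete that leaves the row in place exactly as the advisory describes.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Hypothetical, simplified model of the membership row described in the
# advisory: on removal or voluntary departure the row is soft-deleted
# (kept with is_active=False and status='left') rather than hard-deleted.
@dataclass
class ChannelMember:
    channel_id: str
    user_id: str
    is_active: bool = True
    status: str = "member"


class MembershipStore:
    """In-memory stand-in for the ChannelMember table (constructed for this example)."""

    def __init__(self) -> None:
        self.rows: list[ChannelMember] = []

    def add(self, channel_id: str, user_id: str) -> None:
        self.rows.append(ChannelMember(channel_id, user_id))

    def deactivate(self, channel_id: str, user_id: str) -> None:
        # Soft delete: the row stays, only the flags change.
        for row in self.rows:
            if row.channel_id == channel_id and row.user_id == user_id:
                row.is_active = False
                row.status = "left"

    def find(self, channel_id: str, user_id: str) -> Optional[ChannelMember]:
        for row in self.rows:
            if row.channel_id == channel_id and row.user_id == user_id:
                return row
        return None


MembershipCheck = Callable[[MembershipStore, str, str], bool]


def is_user_channel_member_vulnerable(store: MembershipStore, channel_id: str, user_id: str) -> bool:
    # Pre-0.9.0 behaviour as the advisory describes it: the mere existence of a
    # row counts as membership, so a soft-deleted row still grants access.
    return store.find(channel_id, user_id) is not None


def is_user_channel_member_fixed(store: MembershipStore, channel_id: str, user_id: str) -> bool:
    # Corrected check: the row must exist AND still be active.
    row = store.find(channel_id, user_id)
    return row is not None and row.is_active


def read_channel_messages(store: MembershipStore, channel_id: str, user_id: str,
                          membership_check: MembershipCheck) -> tuple[int, Optional[list[str]]]:
    """API-style guard returning an (HTTP status, body) pair; only members may read."""
    if not membership_check(store, channel_id, user_id):
        return 403, None
    return 200, ["hello", "world"]  # constructed placeholder channel content


if __name__ == "__main__":
    store = MembershipStore()
    store.add("chan-1", "alice")
    store.deactivate("chan-1", "alice")  # alice is removed; her row remains with status='left'
    print("vulnerable check:", read_channel_messages(store, "chan-1", "alice", is_user_channel_member_vulnerable)[0])
    print("fixed check:     ", read_channel_messages(store, "chan-1", "alice", is_user_channel_member_fixed)[0])
```

The point to take from the example is that a soft-delete scheme turns "does a row exist" into the wrong question; any authorization predicate over such a table has to test the lifecycle flag too, and a test that removes a member and then calls the API guard directly (not through the UI) is the cheapest way to catch the regression.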

Defensive priority

MEDIUM

Recommended defensive actions

  • Upgrade Open WebUI to version 0.9.0 or later to remediate the authorization bypass
  • Review channel membership logs for deactivated users who may have accessed channels after removal
  • Audit API access patterns for channels with membership changes to identify potential unauthorized access
  • Implement additional authorization checks at the application layer for sensitive channel operations pending upgrade
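As an added example of the log review recommended above (not part of the original advisory), the script below correlates membership-change events with an API access log and flags successful channel requests made by a user after that user's membership was marked `left`. Both the event tuples and the access-log line format are constructed for this example and are assumptions, not Open WebUI's real log formats; adapt the regular expression to whatever your reverse proxy or application actually emits.

```python
import re
from datetime import datetime

# Constructed sample data (not real logs): membership change events recorded
# when a user is removed from or leaves a channel, as (timestamp, channel, user, status).
MEMBERSHIP_EVENTS = [
    ("2026-05-10T09:00:00", "chan-1", "alice", "left"),
    ("2026-05-10T09:30:00", "chan-2", "bob", "left"),
]

# Constructed access log: "<timestamp> <user> <method> <path> <status>".
ACCESS_LOG = """\
2026-05-10T08:55:00 alice GET /api/v1/channels/chan-1/messages 200
2026-05-10T09:05:00 alice GET /api/v1/channels/chan-1/messages 200
2026-05-10T09:07:00 alice POST /api/v1/channels/chan-1/messages/post 200
2026-05-10T09:10:00 bob GET /api/v1/channels/chan-2/messages 200
2026-05-10T09:45:00 bob GET /api/v1/channels/chan-3/messages 200
2026-05-10T10:00:00 carol GET /api/v1/channels/chan-1/messages 200
"""

# Assumed path layout: the channel id is the segment after /api/v1/channels/.
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) /api/v1/channels/([^/\s]+)(?:/\S*)? (\d{3})$")


def parse_access_log(text: str) -> list[dict]:
    """Parse channel-related access log lines; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, user, method, channel, status = m.groups()
        entries.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "method": method,
            "channel": channel,
            "status": int(status),
        })
    return entries


def find_post_removal_access(events: list[tuple], entries: list[dict]) -> list[dict]:
    """Return successful (non-4xx/5xx) channel requests made after the user left that channel."""
    left_at: dict[tuple[str, str], datetime] = {}
    for ts, channel, user, status in events:
        if status != "left":
            continue
        t = datetime.fromisoformat(ts)
        key = (channel, user)
        # Keep the earliest departure so nothing after it is missed.
        if key not in left_at or t < left_at[key]:
            left_at[key] = t

    findings = []
    for e in entries:
        key = (e["channel"], e["user"])
        if key in left_at and e["ts"] > left_at[key] and e["status"] < 400:
            findings.append(e)
    return findings


if __name__ == "__main__":
    for f in find_post_removal_access(MEMBERSHIP_EVENTS, parse_access_log(ACCESS_LOG)):
        print(f"{f['ts'].isoformat()} {f['user']} {f['method']} {f['channel']} -> access after removal")
```

On the constructed data this reports alice's two requests to `chan-1` after 09:00 (one read, one write) and nothing for bob, whose `chan-2` request predates his departure and whose `chan-3` request concerns a channel he never left. Only successful responses are flagged because a 403 means the check already held; on an unpatched instance a success after the departure timestamp is exactly the signal this advisory warrants investigating.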

Evidence notes

The vulnerability description is sourced from NVD with CPE criteria confirming affected versions prior to 0.9.0. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) supports the MEDIUM severity rating. GitHub Security Advisory tags confirm exploit availability and vendor mitigation.

Official resources

The vulnerability was disclosed through GitHub Security Advisories and subsequently indexed by NVD. The vendor has acknowledged the issue and released a fix.