PatchSiren cyber security CVE debrief
CVE-2026-44563 open-webui CVE debrief
Open WebUI versions prior to 0.9.0 contain a broken access control vulnerability (CWE-862) affecting four API endpoints: /api/generate, /api/embed, /api/embeddings, and /api/show. These endpoints accept arbitrary model names from authenticated users and forward requests to the Ollama backend without verifying whether the requesting user has explicit authorization to access the specified model. The endpoints only enforce get_verified_user authentication (any non-pending authenticated user) and validate model existence against the unfiltered model list, but fail to invoke AccessGrants.has_access() for authorization checks. This allows authenticated users to interact with models they have not been granted access to, potentially exposing restricted AI capabilities or data. The vulnerability was published on 2026-05-15 and last modified on 2026-05-19. CVSS 3.1 score: 5.4 (MEDIUM).
- Vendor
- open-webui
- Product
- Unknown
- CVSS
- MEDIUM 5.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-15
- Original CVE updated
- 2026-05-19
- Advisory published
- 2026-05-15
- Advisory updated
- 2026-05-19
Who should care
Organizations running self-hosted Open WebUI instances with multi-user environments and model access restrictions should prioritize this patch. Particularly relevant for deployments using Ollama backend with granular model access controls.
Technical summary
The vulnerability stems from missing authorization checks in four critical API endpoints. While authentication is enforced via get_verified_user, the application fails to validate AccessGrants.has_access() before forwarding model-specific requests to the Ollama backend. This architectural gap allows any authenticated user to specify arbitrary model names and receive responses from models outside their authorized scope. The fix in version 0.9.0 presumably adds the missing authorization check to ensure model-level access control is properly enforced.
Defensive priority
medium
Recommended defensive actions
- Upgrade Open WebUI to version 0.9.0 or later to remediate this vulnerability.
- Review AccessGrants configurations to ensure proper model-level authorization is enforced.
- Audit API access logs for unauthorized model access attempts via the affected endpoints prior to patching.
- Implement network segmentation to limit exposure of Open WebUI instances to authorized users only.
Evidence notes
Vulnerability confirmed through vendor security advisory with exploit details. Affected versions: all versions prior to 0.9.0. Fix version: 0.9.0. CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L.
Official resources
-
CVE-2026-44563 CVE record
CVE.org
-
CVE-2026-44563 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Exploit, Vendor Advisory
2026-05-15T20:16:48.000Z