PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-44567 open-webui CVE debrief

Open WebUI versions prior to 0.1.124 contain an authorization bypass vulnerability where the API fails to validate that a user possesses an authorized role of 'user'. When new sign-ups are enabled, the default user role is set to 'pending', requiring administrator intervention to assign proper access. Due to insufficient server-side authorization checks, pending users can access API endpoints and functionality intended only for authorized users, bypassing the intended access control workflow. This vulnerability is classified under CWE-602 (Server-Side Request Forgery) and CWE-863 (Incorrect Authorization) per the vendor advisory. The issue was resolved in version 0.1.124 with proper role validation enforcement.

Vendor
open-webui
Product
Unknown
CVSS
HIGH 7.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-15
Original CVE updated
2026-05-19
Advisory published
2026-05-15
Advisory updated
2026-05-19

Who should care

Organizations running self-hosted Open WebUI instances with public or semi-public sign-up enabled, particularly those relying on the pending approval workflow for access control. Security teams responsible for AI/ML platform governance and compliance officers managing data access controls in offline AI deployments.

Technical summary

The vulnerability stems from missing server-side authorization checks in Open WebUI's API layer. When DEFAULT_USER_ROLE is set to 'pending' (the default when ENABLE_SIGNUP=true), new registrations are created with the pending role and stay there until an administrator approves them. However, the API endpoints fail to verify the user's current role before processing requests, so a pending user can invoke functionality reserved for the user or admin roles. This represents a classic insecure direct object reference and missing function-level access control pattern. The fix in 0.1.124 implements proper role validation middleware across protected API routes.
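The missing check, modeled in plain Python as an added illustration (not Open WebUI's own code): a handler gated only on authentication beside one that also requires the caller's stored role to be 'user' or 'admin'. The session store, tokens and the `_list_models` handler are constructed sample data.

```python
# Constructed sample session store: token -> (email, current role). Roles
# mirror the advisory: 'pending' (awaiting approval), 'user' and 'admin'.
SESSIONS = {
    "tok-admin": ("admin@example.test", "admin"),
    "tok-user": ("alice@example.test", "user"),
    "tok-pending": ("newsignup@example.test", "pending"),
}

class HTTPError(Exception):
    def __init__(self, status, detail):
        super().__init__(detail)
        self.status = status

def current_user(token):
    """Authentication only: resolve a session token to the stored user record."""
    if token not in SESSIONS:
        raise HTTPError(401, "not authenticated")
    return SESSIONS[token]

def authenticated_only(handler):
    """Flawed gate (the bug class): any valid session passes, 'pending' included."""
    def wrapper(token=None):
        return handler(current_user(token))
    return wrapper

def require_role(*allowed):
    """Hardened gate: authenticate, then authorize on the server-side role."""
    def decorator(handler):
        def wrapper(token=None):
            email, role = current_user(token)
            if role not in allowed:  # role comes from the stored record, not the request
                raise HTTPError(403, f"role '{role}' may not call {handler.__name__}")
            return handler((email, role))
        return wrapper
    return decorator

def _list_models(user):
    return ["llama3", "mistral"]  # stand-in for a user-only endpoint

list_models_vulnerable = authenticated_only(_list_models)
list_models_fixed = require_role("user", "admin")(_list_models)

def call(endpoint, token):
    """Dispatch as a server would: 200 on success, else the HTTP error status."""
    try:
        endpoint(token=token)
        return 200
    except HTTPError as e:
        return e.status
```

With the flawed gate the pending session gets a 200 from the endpoint; with the hardened gate it gets a 403 while 'user' and 'admin' sessions still succeed and unknown tokens still get a 401.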

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade Open WebUI to version 0.1.124 or later to remediate the authorization bypass vulnerability.
  • If immediate patching is not feasible, disable new user sign-ups or implement additional network-level access controls to restrict pending users from accessing API endpoints.
  • Review user role assignments in the Admin management panel to ensure no pending users have gained unauthorized access prior to remediation.
  • Monitor API access logs for anomalous activity from users with pending role status.

Evidence notes

Vendor advisory confirms the vulnerability exists in versions prior to 0.1.124, with the fix implemented in that version. CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L indicates a network attack vector with low attack complexity, no privileges required, and low impact on each of confidentiality, integrity, and availability.

Official resources

2026-05-15T22:16:53.050Z