PatchSiren cyber security CVE debrief

CVE-2026-45316 open-webui CVE debrief

## Summary

CVE-2026-45316 is a low-severity authorization bypass in Open WebUI, a self-hosted AI platform. It allows users with read-only access to shared notes to perform a state-modifying action (pinning or unpinning a note) because the POST /api/v1/notes/{id}/pin endpoint checks for read permission instead of write permission before toggling the is_pinned field.

## Technical Details

- **Affected Product:** Open WebUI (self-hosted AI platform)
- **Affected Versions:** Prior to 0.9.3
- **Vulnerable Endpoint:** POST /api/v1/notes/{id}/pin
- **Root Cause:** CWE-863 (Incorrect Authorization): the endpoint performs a write operation but only validates read permission
- **Attack Vector:** Network-based, requires low-privilege authenticated access
- **Impact:** Low integrity impact; unauthorized modification of note pinning state

The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N) reflects that exploitation requires network access, low privileges and user interaction, with low integrity impact and no confidentiality or availability impact.

## Timeline

- **CVE Published:** 2026-05-15
- **CVE Last Modified:** 2026-05-18
- **Fix Available:** Version 0.9.3

## Recommended Actions

1. **Upgrade Immediately:** Update Open WebUI to version 0.9.3 or later, which contains the fix for this authorization bypass.
2. **Access Control Review:** Audit shared note permissions to ensure read-only users have not made unauthorized pinning changes.
3. **Monitor for Anomalies:** Review note pinning activity logs for unexpected state changes by read-only users during the exposure window.
4. **Validate Permission Model:** After upgrading, verify through functional testing that the pin/unpin functionality correctly requires write permission.

## References

See the official resource links for the CVE record, NVD details, and vendor security advisory.

Vendor
open-webui
Product
Unknown
CVSS
LOW 3.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-15
Original CVE updated
2026-05-18
Advisory published
2026-05-15
Advisory updated
2026-05-18

Who should care

Open WebUI administrators managing multi-user deployments with shared notes and role-based access controls.

Technical summary

The POST /api/v1/notes/{id}/pin endpoint in Open WebUI prior to 0.9.3 incorrectly validates read permission instead of write permission when toggling the is_pinned field. This allows read-only users to modify note state. Fixed in version 0.9.3.
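To make the root cause concrete, here is an added Python example (not Open WebUI's code; `Note`, `has_access`, `toggle_pin_vulnerable`, `toggle_pin_fixed` and `pin_requires_write` are hypothetical names, and the ACL data is constructed) that places the mis-scoped read check beside the corrected write check on a pin toggle. It also includes the kind of functional check the debrief recommends after upgrading: a read-only user must be denied, while a user holding write permission can still toggle the pin.

```python
"""Added illustration of CWE-863 on a toggle endpoint (hypothetical code,
not Open WebUI's): a write operation guarded by a read-permission check,
beside the corrected version that requires write permission."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Set

READ = "read"
WRITE = "write"


@dataclass
class Note:
    id: str
    owner_id: str
    is_pinned: bool = False
    # Constructed ACL: user_id -> permissions granted on this shared note.
    acl: Dict[str, Set[str]] = field(default_factory=dict)


class PermissionDenied(Exception):
    """Raised when the caller lacks the permission a handler demands."""


def has_access(user_id: str, note: Note, permission: str) -> bool:
    """Hypothetical access check: the owner holds every permission; other
    users hold only what the ACL grants. Write permission implies read."""
    if user_id == note.owner_id:
        return True
    granted = note.acl.get(user_id, set())
    if permission == READ:
        return READ in granted or WRITE in granted
    return permission in granted


def toggle_pin_vulnerable(user_id: str, note: Note) -> bool:
    """Pattern described in the CVE: is_pinned is mutated, but the guard only
    asks whether the caller may *read* the note."""
    if not has_access(user_id, note, READ):
        raise PermissionDenied(f"{user_id} may not read {note.id}")
    note.is_pinned = not note.is_pinned
    return note.is_pinned


def toggle_pin_fixed(user_id: str, note: Note) -> bool:
    """Corrected guard: any handler that changes resource state must require
    the permission that covers that change, here WRITE."""
    if not has_access(user_id, note, WRITE):
        raise PermissionDenied(f"{user_id} may not modify {note.id}")
    note.is_pinned = not note.is_pinned
    return note.is_pinned


def pin_requires_write(toggle: Callable[[str, Note], bool]) -> bool:
    """Functional check of the permission model: returns True only if a
    read-only user is denied AND a user with write permission can pin."""
    note = Note(id="note-1", owner_id="alice",
                acl={"bob": {READ}, "carol": {WRITE}})  # constructed fixture
    try:
        toggle("bob", note)          # read-only user must be refused
        return False
    except PermissionDenied:
        pass
    try:
        return toggle("carol", note) is True   # writer pins an unpinned note
    except PermissionDenied:
        return False


def demo() -> Dict[str, bool]:
    """Walks both implementations over the same constructed note."""
    note = Note(id="note-1", owner_id="alice",
                acl={"bob": {READ}, "carol": {WRITE}})
    results: Dict[str, bool] = {}
    # Vulnerable handler: read-only bob flips the pin state.
    results["vuln_readonly_pinned"] = toggle_pin_vulnerable("bob", note)
    note.is_pinned = False
    # Fixed handler: bob is refused, carol (write) and alice (owner) succeed.
    try:
        toggle_pin_fixed("bob", note)
        results["fixed_readonly_denied"] = False
    except PermissionDenied:
        results["fixed_readonly_denied"] = True
    results["fixed_writer_pinned"] = toggle_pin_fixed("carol", note)
    results["fixed_owner_unpinned"] = toggle_pin_fixed("alice", note)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
    print("vulnerable handler passes check:", pin_requires_write(toggle_pin_vulnerable))
    print("fixed handler passes check:", pin_requires_write(toggle_pin_fixed))
```

The `pin_requires_write` check is the shape of the post-upgrade validation in the recommended actions: exercise the endpoint once as a read-only collaborator and once as a user with write permission, and treat a successful toggle by the read-only account as a regression rather than a pass.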

Defensive priority

low

Recommended defensive actions

  • Upgrade Open WebUI to version 0.9.3 or later
  • Audit shared note permissions for unauthorized pinning changes
  • Review note pinning activity logs for anomalies
  • Validate pin/unpin functionality requires write permission after upgrade

Evidence notes

CVE description and CVSS vector sourced from NVD record. Vendor advisory confirms fix in version 0.9.3. CWE-863 classification from GitHub Security Advisory.

Official resources
