PatchSiren cyber security CVE debrief

CVE-2026-45385 open-webui CVE debrief

An Insecure Direct Object Reference (IDOR) vulnerability in Open WebUI's Channels feature allows any authenticated channel member to modify messages sent by other members, including administrators. The flaw exists in the `update_message_by_id` function, which only verifies channel membership via `is_user_channel_member` without checking message ownership. This affects group and direct message channels in versions prior to 0.9.5. The vulnerability was published on 2026-05-15 and last modified on 2026-05-19.

Vendor: open-webui
Product: Unknown
CVSS: MEDIUM 4.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-15
Original CVE updated: 2026-05-19
Advisory published: 2026-05-15
Advisory updated: 2026-05-19

Who should care

Organizations running self-hosted Open WebUI instances with the Channels feature enabled, particularly those using group channels for collaborative AI interactions or relying on message integrity for compliance or operational purposes.

Technical summary

The vulnerability stems from missing ownership verification in the message update workflow. When processing `update_message_by_id` requests for group or DM channels, the application validates that the requesting user is a channel member but never compares the author of the targeted message with the requesting user. Because the message ID is supplied by the caller, any authenticated member can send an update request for an arbitrary message ID within a channel they belong to and overwrite that message, regardless of who wrote it (CWE-639). The fix in version 0.9.5 adds a message ownership check to the authorization flow, so that membership and authorship must both hold before an edit is applied.

Defensive priority

medium

Recommended defensive actions

  • Upgrade Open WebUI to version 0.9.5 or later to remediate this vulnerability
  • Review channel message audit logs for unauthorized modifications if running affected versions
  • If immediate patching is not feasible, limit channel membership to trusted users, since any member of a channel can exploit this, and add an ownership check in front of the message-update path in custom deployments
  • Monitor for anomalous message edit patterns in channel activity logs
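An added example of the audit review and monitoring steps above. The record layout is constructed for illustration and is not Open WebUI's audit log format; the approach applies to any log that records, for each edit, both the acting user and the message author:

```python
"""Flag message edits performed by someone other than the author (added example).

The JSON-lines layout and field names below are constructed for this
illustration; Open WebUI's real audit log fields are not described here.
"""
import json
from collections import Counter

# Constructed sample records: one edit by the author, two cross-user edits.
SAMPLE_LOG = """\
{"event":"message.update","channel_id":"ch1","message_id":"m1","actor":"admin","author":"admin","ts":"2026-05-16T09:00:00Z"}
{"event":"message.update","channel_id":"ch1","message_id":"m2","actor":"bob","author":"admin","ts":"2026-05-16T09:05:00Z"}
{"event":"message.create","channel_id":"ch1","message_id":"m3","actor":"bob","author":"bob","ts":"2026-05-16T09:06:00Z"}
{"event":"message.update","channel_id":"ch2","message_id":"m9","actor":"bob","author":"carol","ts":"2026-05-16T09:07:00Z"}
{"event":"message.update","channel_id":"ch2","message_id":"m10","actor":"carol","author":"carol","ts":"2026-05-16T09:08:00Z"}
"""


def parse_records(text: str) -> list:
    """Parse JSON-lines audit records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def cross_user_edits(records: list) -> list:
    """Return update events where the acting user is not the message author.

    On a patched instance this list should be empty for regular members;
    any entry on a pre-0.9.5 instance is a candidate unauthorized edit.
    """
    return [r for r in records
            if r["event"] == "message.update" and r["actor"] != r["author"]]


def edits_by_actor(records: list) -> Counter:
    """Count cross-user edits per actor to surface who to investigate first."""
    return Counter(r["actor"] for r in cross_user_edits(records))


def suspicious_message_ids(records: list) -> list:
    """Message IDs whose content may have been altered by a non-author."""
    return sorted(r["message_id"] for r in cross_user_edits(records))
```

Run `suspicious_message_ids(parse_records(SAMPLE_LOG))` against an export of the edit history; each returned ID is a message whose current content should be compared with the author's intended text before it is relied on.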

Evidence notes

The vulnerability is documented in a GitHub Security Advisory (GHSA-wwhq-cx22-f7vv) with tags indicating exploit availability, mitigation guidance, and vendor advisory status. The NVD record confirms the affected CPE as `cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*` with version end excluding 0.9.5. CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, that is, network-reachable, low complexity, requiring an authenticated low-privilege account and no user interaction, with a limited integrity impact and no confidentiality or availability impact. CWE-639 (Authorization Bypass Through User-Controlled Key) is identified as the weakness type.

Official resources

2026-05-15T21:16:36.907Z