PatchSiren cyber security CVE debrief
CVE-2026-45386 open-webui CVE debrief
Open WebUI versions prior to 0.9.5 contain an authorization bypass vulnerability in the message pinning functionality. The Pin/Unpin operation modifies message state (the is_pinned, pinned_by and pinned_at fields) but incorrectly validates only read permissions in standard channels. This allows users with read-only access to pin or unpin any message, violating the expected write-access control boundary. The vulnerability has a CVSS 3.1 score of 4.3 (Medium severity) with a network attack vector, low attack complexity and low privileges required. No user interaction is needed, and the impact is limited to integrity (low) with no confidentiality or availability impact. The issue is classified under CWE-639: Authorization Bypass Through User-Controlled Key. The vendor has released version 0.9.5 to remediate this flaw. No known exploitation in the wild or ransomware campaign use has been reported.
- Vendor: open-webui
- Product: Unknown
- CVSS: MEDIUM 4.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-15
- Original CVE updated: 2026-05-19
- Advisory published: 2026-05-15
- Advisory updated: 2026-05-19
Who should care
Organizations running self-hosted Open WebUI instances with multi-user channel configurations, particularly those relying on read-only permissions to restrict user capabilities in shared AI conversation spaces.
Technical summary
The vulnerability exists in the Pin/Unpin API endpoint for standard channels. The endpoint performs a permission check using read-level authorization rather than write-level authorization. When a user with read-only channel access submits a pin or unpin request, the insufficient check permits the operation to proceed, updating the message's pinned status, pinner identity, and timestamp fields. This represents a horizontal privilege escalation where read access is incorrectly treated as sufficient for state-modifying operations. The fix in 0.9.5 implements proper write permission validation before allowing pin state modifications.
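To make the flawed check concrete, here is an added illustration of the pattern the summary describes (the vulnerable read-level gate beside the write-level gate that a pin/unpin operation needs); it is not Open WebUI's code, and the Access levels, Message fields, MEMBERSHIPS table and function names are assumed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import IntEnum
from typing import Dict, Optional

class Access(IntEnum):
    NONE = 0
    READ = 1
    WRITE = 2

@dataclass
class Message:
    id: str
    channel_id: str
    is_pinned: bool = False
    pinned_by: Optional[str] = None
    pinned_at: Optional[datetime] = None

# Constructed membership table (channel -> user -> access level); not real data.
MEMBERSHIPS: Dict[str, Dict[str, Access]] = {
    "ch-1": {"alice": Access.WRITE, "bob": Access.READ},
}

def access_for(channel_id: str, user_id: str) -> Access:
    return MEMBERSHIPS.get(channel_id, {}).get(user_id, Access.NONE)

def can_pin_vulnerable(channel_id: str, user_id: str) -> bool:
    # Flawed pattern described in the advisory: a state change gated on read access.
    return access_for(channel_id, user_id) >= Access.READ

def can_pin(channel_id: str, user_id: str) -> bool:
    # Corrected pattern: pin/unpin mutates the message, so require write access.
    return access_for(channel_id, user_id) >= Access.WRITE

def set_pinned(msg: Message, user_id: str, pinned: bool) -> Message:
    # Apply a pin or unpin only after the write-level check passes; PermissionError otherwise.
    if not can_pin(msg.channel_id, user_id):
        raise PermissionError(f"{user_id} lacks write access to {msg.channel_id}")
    msg.is_pinned = pinned
    msg.pinned_by = user_id if pinned else None
    msg.pinned_at = datetime.now(timezone.utc) if pinned else None
    return msg

if __name__ == "__main__":
    print("bob (read-only) passes the flawed check:", can_pin_vulnerable("ch-1", "bob"))
    print("bob passes the corrected check:", can_pin("ch-1", "bob"))
```

The same comparison is the test to apply to any custom permission layer: every operation that writes is_pinned, pinned_by or pinned_at must go through the write-level check.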
Defensive priority
medium
Recommended defensive actions
- Upgrade Open WebUI to version 0.9.5 or later to remediate the authorization bypass vulnerability
- Review channel permission configurations to ensure write operations require appropriate authorization checks
- Audit message pin/unpin history in standard channels for unauthorized modifications if running affected versions
- Monitor access logs for anomalous pinning activity from read-only user accounts
- Validate that custom permission implementations do not replicate the same read-only check for write operations
Evidence notes
Vulnerability confirmed through the vendor security advisory (GHSA-5gc6-xhv4-2wg6) and the NVD record. CPE criteria confirm that the affected versions are all releases prior to 0.9.5. The CVSS vector and CWE classification are sourced from official vulnerability databases.
Official resources
- CVE-2026-45386 CVE record (CVE.org)
- CVE-2026-45386 NVD detail (NVD)
- Source item: nvd_modified
- Mitigation or vendor reference: [email protected] - Exploit, Mitigation, Vendor Advisory (2026-05-15T21:16:37.043Z)