PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45396 open-webui CVE debrief

CVE-2026-45396 affects Open WebUI versions prior to 0.9.5. The POST /api/v1/evaluations/feedback endpoint allows an authenticated requester to supply fields that should be server-controlled. Because FeedbackForm is configured with extra='allow' and insert_new_feedback() merges data in an insecure order, a client-supplied user_id can overwrite the intended server-derived value. The practical impact is forged feedback attribution, Elo leaderboard corruption, and identity spoofing. NVD maps the issue to CWE-915 and rates it CVSS 5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).

Vendor: open-webui
Product: Unknown
CVSS: MEDIUM 5.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-15
Original CVE updated: 2026-05-19
Advisory published: 2026-05-15
Advisory updated: 2026-05-19

Who should care

Administrators, operators, and developers running Open WebUI deployments that use the evaluations/feedback feature or rely on leaderboard integrity and user attribution.

Technical summary

The issue is a mass-assignment problem in the feedback submission path. The GitHub security advisory referenced by NVD describes FeedbackForm using model_config = ConfigDict(extra='allow'), which permits unexpected fields in the request body to pass validation instead of being rejected or dropped. In insert_new_feedback(), an insecure merge order then applies the request-supplied fields after the server-derived ones, so a client-supplied user_id overrides the value taken from the authenticated session. That enables an authenticated attacker to create feedback records credited to an arbitrary user, distorting evaluation scores and related attribution data.
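The two conditions described above (a schema that accepts undeclared fields and a merge that lets the request win) are easiest to see side by side. The following is an added example written for this debrief, not Open WebUI's own code: it models the pattern with plain dicts so it runs without Pydantic, and it shows both ways the defect can be closed. The function names, the declared field set and the sample request body are constructed for the example.

```python
"""Added example (not Open WebUI code): models the CVE-2026-45396
mass-assignment pattern with plain dicts so it runs without Pydantic.

parse_feedback_form stands in for a Pydantic model whose `extra`
setting is 'allow' (the vulnerable configuration), 'ignore' or 'forbid'.
insert_feedback_vulnerable / insert_feedback_fixed stand in for
insert_new_feedback() with the two possible merge orders.
All names and the sample body below are constructed for this example."""

# Assumed set of fields the feedback schema actually declares.
DECLARED_FIELDS = {"type", "data", "meta", "snapshot"}


class ExtraFieldError(ValueError):
    """Raised when a request carries a field the schema did not declare."""


def parse_feedback_form(body: dict, extra: str = "allow") -> dict:
    """Stand-in for FeedbackForm validation.

    extra='allow'  : unknown keys such as user_id survive into the parsed form
    extra='ignore' : unknown keys are silently dropped
    extra='forbid' : unknown keys cause validation to fail (HTTP 422 in FastAPI)
    """
    unknown = set(body) - DECLARED_FIELDS
    if extra == "forbid" and unknown:
        raise ExtraFieldError(f"unexpected fields: {sorted(unknown)}")
    if extra == "ignore":
        return {k: v for k, v in body.items() if k in DECLARED_FIELDS}
    return dict(body)


def insert_feedback_vulnerable(form: dict, session_user_id: str) -> dict:
    """Insecure merge order: the client dict is spread AFTER the server
    values, so a client-supplied user_id replaces the session identity."""
    return {"user_id": session_user_id, **form}


def insert_feedback_fixed(form: dict, session_user_id: str) -> dict:
    """Server-derived identity is applied last and therefore always wins,
    whatever the client sent."""
    return {**form, "user_id": session_user_id}


# Constructed request body: an ordinary rating plus an undeclared user_id.
SAMPLE_BODY = {"type": "rating", "data": {"rating": 1}, "user_id": "other-user-uuid"}
SESSION_USER = "requester-uuid"


def attribution(path: str) -> str:
    """Return the user_id each code path would persist for SAMPLE_BODY."""
    if path == "vulnerable":
        form = parse_feedback_form(SAMPLE_BODY, extra="allow")
        return insert_feedback_vulnerable(form, SESSION_USER)["user_id"]
    if path == "merge_fixed":
        # Schema still permissive, but the merge order is corrected.
        form = parse_feedback_form(SAMPLE_BODY, extra="allow")
        return insert_feedback_fixed(form, SESSION_USER)["user_id"]
    if path == "ignore_fixed":
        # Schema drops unknown keys before the (still insecure) merge runs.
        form = parse_feedback_form(SAMPLE_BODY, extra="ignore")
        return insert_feedback_vulnerable(form, SESSION_USER)["user_id"]
    raise ValueError(path)


def schema_rejects_sample_body() -> bool:
    """True if extra='forbid' refuses the body outright."""
    try:
        parse_feedback_form(SAMPLE_BODY, extra="forbid")
    except ExtraFieldError:
        return True
    return False


if __name__ == "__main__":
    for p in ("vulnerable", "merge_fixed", "ignore_fixed"):
        print(f"{p:13s} -> persisted user_id = {attribution(p)}")
    print("extra='forbid' rejects body:", schema_rejects_sample_body())
```

Either change alone closes this particular override, but the defensive default is both: reject or drop undeclared fields at the schema boundary so server-controlled names never reach the merge, and apply session-derived values last so a future schema change cannot reopen the path. The same reasoning applies to any other server-controlled field the record carries, not only user_id.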

Defensive priority

Medium. The flaw requires authentication and does not affect confidentiality, but it can directly tamper with identity attribution and scoring data in a core application workflow.

Recommended defensive actions

  • Upgrade Open WebUI to version 0.9.5 or later, which the advisory says fixes the issue.
  • Verify that the feedback endpoint rejects client-supplied user_id values and that attribution is derived only from server-side identity.
  • Review existing feedback and leaderboard data for suspicious or inconsistent user attribution after exposure.
  • Monitor for unusual feedback submissions until patched, especially if the evaluations feature is internet-reachable.

Evidence notes

The supplied Open WebUI advisory text states that versions before 0.9.5 are affected, that FeedbackForm uses extra='allow', and that an insecure merge order in insert_new_feedback() can let an authenticated attacker overwrite user_id. The NVD metadata lists the vulnerability as 'Undergoing Analysis', assigns CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L, and maps the weakness to CWE-915. The supplied timestamps place publication on 2026-05-15 and modification on 2026-05-18.

Official resources

Publicly disclosed through the Open WebUI GitHub security advisory referenced by NVD and assigned CVE-2026-45396. The CVE was published on 2026-05-15 and updated on 2026-05-18; NVD still listed it as undergoing analysis at that time.