PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45666 open-webui CVE debrief

Open WebUI versions prior to 0.8.11 contain an authorization bypass vulnerability in the `/api/v1/notes/{note_id}` API endpoint. Authenticated users can retrieve notes belonging to other users by guessing or enumerating UUIDs, resulting in unauthorized disclosure of potentially sensitive user data. The vulnerability stems from missing authorization checks on the note retrieval endpoint. This issue was published by NVD on 2026-05-15 and last modified on 2026-05-19. The vendor has released version 0.8.11 to address this flaw.

Vendor
open-webui
Product
Open WebUI (not set in the stored record; taken from the CPE `openwebui:open_webui` in the evidence notes)
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-15
Original CVE updated
2026-05-19
Advisory published
2026-05-15
Advisory updated
2026-05-19

Who should care

Organizations running self-hosted Open WebUI instances with multiple users, particularly those storing sensitive or private information in user notes. Security teams responsible for AI platform infrastructure and application security engineers reviewing API authorization patterns.

Technical summary

The `/api/v1/notes/{note_id}` endpoint in Open WebUI prior to 0.8.11 authenticates the caller but never checks that the caller owns the note identified by the path parameter: a classic CWE-639 insecure direct object reference, where the user-controlled key (the note UUID) is trusted as the sole lookup criterion. Any account with valid credentials can therefore read any note whose ID it knows. A caveat on "enumeration": random (version 4) UUIDs carry about 122 bits of entropy and cannot realistically be brute-forced, so the practical attack path is an ID obtained some other way (a shared link, a screenshot, another endpoint or log that exposes note IDs) rather than blind guessing; the defect is the missing ownership check, not the identifier format. The fix in version 0.8.11 adds that check so the endpoint returns a note only to its owner.
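The pattern described above, as an added illustration that is not Open WebUI's code: a vulnerable note lookup that trusts the user-supplied UUID, beside the same lookup with the ownership check the fix adds. The store, handler and exception names (`NoteStore`, `get_note_vulnerable`, `get_note_fixed`, `NotFound`) are assumptions for the example; the real endpoint is a FastAPI route backed by a database table, and returning 404 rather than 403 for a foreign note is a design choice made here, not something the advisory states.

```python
# Added example (not Open WebUI's code): CWE-639 on a note lookup, vulnerable
# handler beside the ownership-checked one. Names below are assumptions.
from dataclasses import dataclass, field
from uuid import uuid4


class NotFound(Exception):
    """Stand-in for an HTTP 404 response."""


@dataclass
class Note:
    id: str
    user_id: str
    title: str
    body: str


@dataclass
class NoteStore:
    """Minimal in-memory table keyed by note UUID, standing in for the DB."""
    notes: dict = field(default_factory=dict)

    def create(self, user_id: str, title: str, body: str) -> Note:
        note = Note(id=str(uuid4()), user_id=user_id, title=title, body=body)
        self.notes[note.id] = note
        return note

    def get_by_id(self, note_id: str):
        return self.notes.get(note_id)


def get_note_vulnerable(store: NoteStore, note_id: str, current_user_id: str) -> Note:
    """Pre-0.8.11 shape: authentication already happened upstream, but the
    handler trusts the user-controlled key and never compares owners."""
    note = store.get_by_id(note_id)
    if note is None:
        raise NotFound(note_id)
    return note  # BUG: any authenticated caller receives any note


def get_note_fixed(store: NoteStore, note_id: str, current_user_id: str) -> Note:
    """Fixed shape: same lookup plus an ownership check. Answering 404 for a
    note the caller does not own avoids confirming that the UUID exists;
    a 403 would also be defensible but leaks existence."""
    note = store.get_by_id(note_id)
    if note is None or note.user_id != current_user_id:
        raise NotFound(note_id)
    return note


def demo():
    """Alice's note requested by Bob through both handlers.
    Returns (leaked_by_vulnerable_handler, leaked_by_fixed_handler)."""
    store = NoteStore()
    alice_note = store.create("alice", "1:1 prep", "salary numbers for Q3")

    leaked_vuln = get_note_vulnerable(store, alice_note.id, "bob").body == alice_note.body

    try:
        get_note_fixed(store, alice_note.id, "bob")
        leaked_fixed = True
    except NotFound:
        leaked_fixed = False

    # The owner still gets her own note after the fix.
    assert get_note_fixed(store, alice_note.id, "alice").id == alice_note.id
    return leaked_vuln, leaked_fixed


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The check is a single comparison, which is exactly why this class of bug survives review: the lookup "works" in every test that uses the owner's credentials. A negative test that requests one user's resource with another user's session is the regression test worth keeping for every ID-keyed endpoint.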

Defensive priority

medium

Recommended defensive actions

  • Upgrade Open WebUI to version 0.8.11 or later; this is the only complete remediation
  • Review other API endpoints that look up resources by a client-supplied UUID (chats, files, prompts, tools) for the same missing ownership check; the weakness is the pattern, not this one route
  • Monitor access logs for unusual note retrieval patterns, such as one account requesting many distinct note IDs in a short window or a high 404 rate on `/api/v1/notes/`; note that this requires the application or reverse proxy to log the authenticated identity, not just the client address
  • Treat the vendor's per-request ownership check as the required pattern: teams that fork Open WebUI or serve notes through custom code must apply the same check, and a reverse proxy cannot substitute for it because ownership is a database relation the proxy cannot see
  • Consider rate limiting on note retrieval to make blind guessing noisier; this does not help against an attacker who already holds a note ID obtained elsewhere, so it is a stopgap, not a fix
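The monitoring item above, worked through as an added example that is not part of the advisory or of Open WebUI: enumeration detection over a few constructed access-log lines. The log format (`timestamp user=<id> GET <path> <status>`), the regex, the thresholds and the user names are assumptions; adapt the pattern to whatever your proxy or application actually emits. Two signals are scored per account: a high 404 ratio across many distinct note IDs (blind guessing, which is loud but unlikely to succeed against random UUIDs) and many distinct IDs read successfully (an account that obtained other users' IDs somewhere else, which is the pattern that matters for this CVE).

```python
# Added example (not from the advisory or Open WebUI): flag accounts that walk
# many distinct note IDs on /api/v1/notes/. Log format and thresholds are
# assumptions; the sample below is constructed for the example.
import re
from collections import defaultdict

# Constructed sample: bob guesses six sequential IDs (404) and hits two real
# notes (200); alice rereads her own two notes; carol mistypes one ID;
# dave successfully reads five distinct notes that are not his.
SAMPLE_LOG = """\
2026-05-16T10:00:01Z user=alice GET /api/v1/notes/3b9e1b30-2c7f-4f14-9f1a-0d0c1b2a3c4d 200
2026-05-16T10:00:05Z user=alice GET /api/v1/notes/3b9e1b30-2c7f-4f14-9f1a-0d0c1b2a3c4d 200
2026-05-16T10:00:09Z user=alice GET /api/v1/notes/7e2d5a6b-1c3d-4e5f-8a9b-0c1d2e3f4a5b 200
2026-05-16T10:01:00Z user=bob GET /api/v1/notes/00000000-0000-4000-8000-000000000001 404
2026-05-16T10:01:01Z user=bob GET /api/v1/notes/00000000-0000-4000-8000-000000000002 404
2026-05-16T10:01:02Z user=bob GET /api/v1/notes/00000000-0000-4000-8000-000000000003 404
2026-05-16T10:01:03Z user=bob GET /api/v1/notes/00000000-0000-4000-8000-000000000004 404
2026-05-16T10:01:04Z user=bob GET /api/v1/notes/00000000-0000-4000-8000-000000000005 404
2026-05-16T10:01:05Z user=bob GET /api/v1/notes/00000000-0000-4000-8000-000000000006 404
2026-05-16T10:01:30Z user=bob GET /api/v1/notes/3b9e1b30-2c7f-4f14-9f1a-0d0c1b2a3c4d 200
2026-05-16T10:01:31Z user=bob GET /api/v1/notes/7e2d5a6b-1c3d-4e5f-8a9b-0c1d2e3f4a5b 200
2026-05-16T10:02:00Z user=carol GET /api/v1/notes/9c1f0a2b-3d4e-4f50-a1b2-c3d4e5f60719 404
2026-05-16T10:03:00Z user=dave GET /api/v1/notes/9c1f0a2b-3d4e-4f50-a1b2-c3d4e5f60718 200
2026-05-16T10:03:02Z user=dave GET /api/v1/notes/1f2e3d4c-5b6a-4798-8fed-cba987654321 200
2026-05-16T10:03:04Z user=dave GET /api/v1/notes/2a3b4c5d-6e7f-4809-9a1b-2c3d4e5f6a7b 200
2026-05-16T10:03:06Z user=dave GET /api/v1/notes/5d6e7f80-9a1b-4c2d-8e3f-4a5b6c7d8e9f 200
2026-05-16T10:03:08Z user=dave GET /api/v1/notes/8e9f0a1b-2c3d-4e4f-9a5b-6c7d8e9f0a1b 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) GET /api/v1/notes/"
    r"(?P<note_id>[0-9a-f-]{36}) (?P<status>\d{3})$"
)


def parse(log_text: str):
    """Return (user, note_id, status) for each note-retrieval line; skip others."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((m["user"], m["note_id"], int(m["status"])))
    return events


def flag_enumerators(events, min_distinct: int = 5, min_404_ratio: float = 0.5):
    """Per account: distinct note IDs requested and share of 404s.
    Accounts touching at least min_distinct IDs are flagged; the reason says
    whether they were guessing (404-heavy) or reading IDs they already held."""
    per_user = defaultdict(lambda: {"ids": set(), "total": 0, "not_found": 0})
    for user, note_id, status in events:
        stats = per_user[user]
        stats["ids"].add(note_id)
        stats["total"] += 1
        if status == 404:
            stats["not_found"] += 1

    flagged = {}
    for user, stats in per_user.items():
        distinct = len(stats["ids"])
        ratio = stats["not_found"] / stats["total"]
        if distinct >= min_distinct:
            reason = "guessing" if ratio >= min_404_ratio else "many_distinct_ids"
            flagged[user] = {
                "distinct_ids": distinct,
                "not_found_ratio": ratio,
                "reason": reason,
            }
    return flagged


def analyze(log_text: str = SAMPLE_LOG):
    return flag_enumerators(parse(log_text))


if __name__ == "__main__":
    for user, info in analyze().items():
        print(user, info)
```

Alerts from the "many_distinct_ids" bucket deserve the faster triage: a 200 on a note the account does not own is the exploitation itself, and on a pre-0.8.11 instance the application gave no other signal. Tune `min_distinct` to the size of your user base, and join the flagged note IDs against the notes table's owner column to confirm which accounts' data was read.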

Evidence notes

NVD records indicate the vulnerability affects Open WebUI versions prior to 0.8.11, with CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (network-reachable, low complexity, low privileges required, no user interaction, high confidentiality impact only; base score 6.5). The GitHub Security Advisory (GHSA-x3qm-p8hr-3c3h) confirms the issue and provides patch information. CPE criteria: cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*, with the vulnerable range ending before 0.8.11 (versionEndExcluding 0.8.11). CWE-639 (Authorization Bypass Through User-Controlled Key) is the assigned weakness type.

Official resources

Open WebUI is a self-hosted AI platform designed for offline operation. The vulnerability allows authenticated attackers to access other users' notes through UUID enumeration, exposing private information without proper access controls.