These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-45347 is a blind server-side request forgery issue in Open WebUI’s PDF generate/export flow. The flaw was publicly disclosed on 2026-05-15 and fixed in Open WebUI 0.5.11. The available evidence indicates the issue can trigger server-side outbound requests through an image tag in user input, but scripts and some other tags were blocked, limiting the impact to blind SSRF rather than content readout.
CVE-2026-44566 affects Open WebUI versions prior to 0.1.124. According to the GitHub security advisory and NVD entry, the application derives the attached file name from the original HTTP upload request without validating or sanitizing it. That allows dot-segments in the file path to traverse out of the intended uploads directory, potentially writing files anywhere on the filesystem that the web server pr [truncated]
CVE-2026-44565 affects Open WebUI versions prior to 0.6.10. When an audio file is uploaded, the service derives the saved name from the original HTTP upload request without validating or sanitizing it. That lets a user include dot-segments in the filename and escape the intended uploads directory, potentially writing files anywhere the web server account can access. The issue is rated HIGH severity (CVSS [truncated]
CVE-2026-45396 affects Open WebUI versions prior to 0.9.5. The POST /api/v1/evaluations/feedback endpoint allows an authenticated requester to supply fields that should be server-controlled. Because FeedbackForm is configured with extra='allow' and insert_new_feedback() merges data in an insecure order, a client-supplied user_id can overwrite the intended server-derived value. The practical impact is forg [truncated]
CVE-2026-45395 describes an authorization flaw in Open WebUI’s tool update endpoint. Prior to version 0.9.5, a user who was supposed to be blocked from tool management could still update an existing tool and trigger execution of changed server-side Python content, bypassing the intended workspace.tools boundary.
CVE-2026-44555 is a high-severity access control flaw in Open WebUI’s model composition feature. Before 0.9.0, a user could create or import a composed model that pointed to a restricted base model, then invoke it even though they were not authorized for the underlying base model. The server would forward the request to that restricted model using the admin-configured API key, creating unauthorized access [truncated]