CVE-2026-45339 | THREATINT

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI allows admins to restrict which API endpoints an API key can access. When an API key is restricted from /api/v1/messages, requests using the Authorization: Bearer sk-... header are correctly blocked with 403. However, the same key sent via the x-api-key header bypasses the restriction entirely — the request is authenticated, the model is invoked, and a full response is returned. This vulnerability is fixed in 0.9.0.

PUBLISHED Reserved 2026-05-11 | Published 2026-05-15 | Updated 2026-05-19 | Assigner GitHub_M

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-863: Incorrect Authorization

Product status

< 0.9.0

affected

References

github.com/...-webui/security/advisories/GHSA-57q6-fvp4-pqmm exploit

github.com/...-webui/security/advisories/GHSA-57q6-fvp4-pqmm

cve.org (CVE-2026-45339)

nvd.nist.gov (CVE-2026-45339)

Download JSON