CVE-2026-44562

ANC

Medium

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/models/…

CVSS

6.5

Medium

EPSS

0.00

p20

Published

2026-01-01

Updated

2026-01-01

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/models/import endpoint allows users with the workspace.models_import permission to overwrite any existing model in the database, regardless of ownership. When an imported model's ID matches an existing model, the endpoint merges the attacker's payload over the existing model data and writes it to the database with no ownership or access grant validation. Additionally, filter_allowed_access_grants is never called, bypassing the access grant restrictions enforced on all other model mutation endpoints. This vulnerability is fixed in 0.9.0.

Tags · CWE

CWE-283

Affected products

Open_webui < 0.9.0

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Timeline

2026-01-01

Published

2026-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: L

Low (L)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: H

High (H)

Availability Impact

A: N

None (N)

Exploit indicators

EPSS

0.003 · p20

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Openwebui

Open Webui

Product	Vendor	Status
		Tracked
open_webui	*	Tracked

Source databases

ANC

CVE

External references

https://github.com/open-webui/open-webui/security/advisories/GHSA-mqq6-cqcx-38vg