SB2026051158 - Multiple vulnerabilities in Open WebUI


Published: May 11, 2026

Security Bulletin ID: SB2026051158
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Remote access
Highest impact: Information disclosure

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 4 vulnerabilities.


1) Server-Side Request Forgery (SSRF) (CVE-ID: N/A)

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information from internal resources.

The vulnerability exists due to server-side request forgery (SSRF) in _process_picture_url() in backend/open_webui/utils/oauth.py when processing OAuth picture claims. A remote user can supply a crafted picture URL to disclose sensitive information from internal resources.

Exploitation requires OAuth to be configured with ENABLE_OAUTH_SIGNUP=true or OAUTH_UPDATE_PICTURE_ON_LOGIN=true.
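A defensive check of the kind a picture-claim fetcher should run before following the URL, added here as an example; it is not Open WebUI's own code, and the function names, the injectable resolver and the DNS table are assumptions. Every address a host resolves to is vetted, and a private, loopback or link-local answer rejects the URL.

```python
import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlparse

def _system_resolver(hostname: str) -> list[str]:
    """Every A/AAAA address the host maps to; all of them must pass the check."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})

def _is_public_address(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    # is_global is False for loopback, RFC 1918/ULA, link-local, CGNAT, reserved, unspecified.
    return ip.is_global and not ip.is_multicast

def is_safe_picture_url(url: str, resolve: Callable[[str], Iterable[str]] = _system_resolver) -> tuple[bool, str]:
    """Return (ok, reason). Only plain http(s) URLs whose host is public pass."""
    try:
        parts = urlparse(url)
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme not in ("http", "https"):
        return False, f"scheme not allowed: {parts.scheme or '<none>'}"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:  # a literal IP (bracketed IPv6 included) is checked directly
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:  # otherwise every address the name resolves to must pass
        try:
            addrs = list(resolve(host))
        except OSError:
            return False, "host does not resolve"
    bad = [a for a in addrs if not _is_public_address(a)]
    if bad or not addrs:
        return False, f"host maps to non-public address: {bad or 'none'}"
    # The fetcher must re-run this on every redirect hop and should connect to the
    # vetted address instead of re-resolving, so a later DNS answer cannot differ.
    return True, "ok"

# Constructed DNS table so the check runs offline; these are not real hosts.
_FAKE_DNS = {"avatars.example.com": ["93.184.216.34"], "intranet.example": ["10.0.0.5"],
             "mixed.example": ["93.184.216.35", "127.0.0.1"]}

def fake_resolver(hostname: str) -> list[str]:
    if hostname not in _FAKE_DNS:
        raise OSError("NXDOMAIN")
    return _FAKE_DNS[hostname]
```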


2) Incorrect authorization (CVE-ID: N/A)

CWE-ID: CWE-863 - Incorrect Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to bypass endpoint restrictions and access restricted API functionality.

The vulnerability exists due to incorrect authorization in the API key endpoint restriction check when authenticating requests with the x-api-key header. A remote privileged user can send a request with a valid API key in the x-api-key header to bypass endpoint restrictions and access restricted API functionality.

The issue affects requests to the Anthropic-compatible API path, where the restriction check is applied to Authorization headers but skipped for the same key presented in x-api-key.


3) Authorization bypass through user-controlled key (CVE-ID: N/A)

CWE-ID: CWE-639 - Authorization Bypass Through User-Controlled Key

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information and modify another user's conversation.

The vulnerability exists due to authorization bypass through a user-controlled key in the /api/chat/completions endpoint when handling requests that reference an existing chat by chat_id. A remote user can send a request with their own API key and another user's chat ID to disclose sensitive information and modify another user's conversation.

Exploitation requires knowledge of another user's chat ID, and both users must have access to the same model.


4) Missing Authorization (CVE-ID: N/A)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to cause a denial of service.

The vulnerability exists due to missing authorization in the /api/tasks and /api/tasks/stop/{task_id} endpoints when handling authenticated requests to list and stop tasks. A remote user can enumerate global task IDs and stop tasks belonging to other users to cause a denial of service.

This affects multi-user deployments and also exposes task IDs belonging to other users.


Remediation

Install the update from the vendor's website.