SB2026051164 - Improper Authorization in Open WebUI

Description

This security bulletin contains information about 1 vulnerability.

1) Improper Authorization (CVE-ID: N/A)

The vulnerability allows a remote user to bypass model access control and invoke restricted models.

The vulnerability exists due to improper authorization in the /openai/chat/completions and /ollama/api/chat HTTP endpoints when handling requests with the exposed bypass_filter query parameter. A remote user can append ?bypass_filter=true to a request URL to bypass model access control and invoke restricted models.

The issue affects the FastAPI route handlers generate_chat_completion in routers/openai.py and routers/ollama.py, where an internal-only parameter is bound from the query string.

Remediation

Install update from vendor's website.

References

• https://github.com/open-webui/open-webui/security/advisories/GHSA-v6qf-75pr-p96m
• https://github.com/open-webui/open-webui/commit/c0385f60ba049da48d2d5452068586d375303c37