Improper access control in Open WebUI - CVE-2026-54021
Published: June 30, 2026
Open WebUI
Detailed vulnerability description
The vulnerability allows a remote user to access restricted Ollama backend resources.
The vulnerability exists due to improper access control in indexed Ollama proxy routes in backend/open_webui/routers/ollama.py when handling caller-supplied url_idx path parameters. A remote user can supply a crafted url_idx value to access restricted Ollama backend resources.
Requests are forwarded using the target backend's configured API key, and admin-disabled backends remain reachable through indexed routes because the disabled state is not re-checked at request time.
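The request-time checks whose absence the description above points to, shown as an added example; this is not Open WebUI's code. The Backend model, the per-backend allowed_roles policy, the function names and the sample hosts and keys are all assumptions made for illustration.

```python
from dataclasses import dataclass

class BackendAccessError(Exception):
    """The caller may not use the backend selected by url_idx."""

@dataclass(frozen=True)
class Backend:
    url: str
    api_key: str                      # attached to every forwarded request
    enabled: bool = True              # admin toggle
    allowed_roles: frozenset = frozenset({"admin"})  # assumed policy model

# Constructed sample configuration (hosts and keys are placeholders).
BACKENDS = [
    Backend("http://ollama-a.example:11434", "key-a", True, frozenset({"admin", "user"})),
    Backend("http://ollama-b.example:11434", "key-b", False, frozenset({"admin", "user"})),
    Backend("http://ollama-c.example:11434", "key-c", True, frozenset({"admin"})),
]

def resolve_unchecked(url_idx: int) -> Backend:
    """Pattern described in the advisory: the index alone selects the backend."""
    return BACKENDS[url_idx]

def resolve_checked(url_idx, role: str) -> Backend:
    """Re-validate the index, the disabled state and the caller on every request."""
    if isinstance(url_idx, bool) or not isinstance(url_idx, int):
        raise BackendAccessError("url_idx must be an integer")
    if not 0 <= url_idx < len(BACKENDS):
        raise BackendAccessError("unknown backend index")
    backend = BACKENDS[url_idx]
    if not backend.enabled:
        raise BackendAccessError("backend is disabled")
    if role not in backend.allowed_roles:
        raise BackendAccessError("caller is not authorized for this backend")
    return backend

def is_allowed(url_idx, role: str) -> bool:
    """Convenience wrapper for tests and audit logging."""
    try:
        resolve_checked(url_idx, role)
        return True
    except BackendAccessError:
        return False
```

Because the forwarded request carries the backend's own API key, the authorization decision has to be made in the proxy before forwarding; the backend cannot distinguish callers.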