Missing Authorization in Open WebUI - #VU136843
Published: July 3, 2026
Open WebUI
Detailed vulnerability description
The vulnerability allows a remote user to overwrite messages in channels they do not belong to.
The vulnerability exists due to improper access control in the chat completion API channel pipeline when handling chat completion requests with a channel:-prefixed chat_id and attacker-controlled message_id values. A remote user can send a specially crafted chat completion request to overwrite messages in channels they do not belong to.
The overwritten message retains the original author attribution while displaying attacker-controlled content, including in private and direct-message channels.
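The server-side checks whose absence this advisory describes, as an added Python example that is not Open WebUI's code or its actual fix. The in-memory stores, the names (authorize_channel_write, write_completion, Forbidden) and the author-only overwrite rule are assumptions made for illustration, and the sample data is constructed.

```python
# Added illustration: hypothetical in-memory model, not Open WebUI code.
from dataclasses import dataclass

CHANNEL_PREFIX = "channel:"


class Forbidden(Exception):
    """Raised when the caller may not write to the target message."""


@dataclass
class Message:
    id: str
    channel_id: str
    author_id: str
    content: str


# Constructed sample data: one private channel with two members.
MEMBERS = {"c-private": {"alice", "bob"}}
MESSAGES = {"m1": Message("m1", "c-private", "alice", "original text")}


def authorize_channel_write(user_id: str, chat_id: str, message_id: str) -> Message:
    """Return the message only if user_id may overwrite it, else raise Forbidden."""
    if not chat_id.startswith(CHANNEL_PREFIX):
        raise ValueError("not a channel chat_id")
    channel_id = chat_id[len(CHANNEL_PREFIX):]
    # 1. The caller must be a member of the channel named in chat_id.
    if user_id not in MEMBERS.get(channel_id, set()):
        raise Forbidden("caller is not a member of the channel")
    # 2. The client-supplied message_id must resolve to a message in that
    #    same channel, so membership in one channel grants nothing in another.
    msg = MESSAGES.get(message_id)
    if msg is None or msg.channel_id != channel_id:
        raise Forbidden("message does not belong to the channel")
    # 3. Assumed policy: only the recorded author may replace the body, so
    #    the displayed attribution always matches who supplied the content.
    if msg.author_id != user_id:
        raise Forbidden("caller is not the author of the message")
    return msg


def write_completion(user_id: str, chat_id: str, message_id: str, content: str) -> Message:
    """Apply the update only after every authorization check has passed."""
    msg = authorize_channel_write(user_id, chat_id, message_id)
    msg.content = content
    return msg
```

The identity passed as user_id has to come from the authenticated session, never from the request body, and the checks run before any write so a rejected request leaves the stored message untouched.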