open-webui
open-webui: Missing calendar write permission check in event update endpoint
The POST /api/v1/calendars/events/{event_id}/update endpoint validates write access to the source calendar but does not validate t
open-webui: Missing file ownership check in chat completion endpoint
A security vulnerability was discovered in the chat completion endpoint where an authenticated user can read another user's files
open-webui: Path traversal in cache file serving allows reading sibling directories
A path traversal vulnerability in open-webui's cache file serving endpoint allows authenticated users to read files from sibling d
Open WebUI: Prompt Version History Authorization Bypass
Three prompt version-history endpoints fail to verify that the history entry belongs to the authorized prompt, allowing authentica
open-webui Ollama proxy route missing backend authorization check
Several Ollama proxy routes accept a caller-supplied url_idx path parameter and use it as a raw index into the OLLAMA_BASE_URLS li
open-webui: Socket.IO note authorization bypass via underscore ID
The `ydoc:document:join` handler in `socket/main.
open-webui: Cross-Origin Message Injection in Chat.svelte
The chat message listener in Chat.
open-webui SSRF via OAuth picture URL redirect (CVE-2026-45401 sibling)
A new SSRF vulnerability (CVE-2026-45401 sibling) was discovered in open-webui <=0.
Open WebUI v0.9.5 and earlier: Missing file ownership checks allow unauthorized file access and deletion
Open WebUI v0.9.5 and earlier allow an authenticated attacker to attach arbitrary file_id values to their own chat messages withou
open-webui: Stored XSS via Mermaid in Markdown Preview
Open WebUI renders Mermaid blocks from Markdown files in the file preview panel with securityLevel set to 'loose', allowing stored
Open WebUI: Unvalidated file IDs in model meta.knowledge allow unauthorized file access
Open WebUI allows users with workspace model permissions to store arbitrary file IDs in model meta.
Open WebUI <= 0.9.5 Stored XSS to Account Takeover via Model Profile Images
Stored XSS to account takeover via model profile images.
open-webui terminal-server proxy path traversal and SSRF
The terminal-server reverse proxy in backend/open_webui/routers/terminals.
open-webui SafePlaywrightURLLoader SSRF via Redirect Bypass
SafePlaywrightURLLoader validates only the initial URL, not redirect targets.