Vulnerabilities

Report: CVE-2026-45345 - Open WebUI: Missing authorization check at the model update function - models fr

2026-05-16 0 views admin

CVE ID :CVE-2026-45345 Published : May 15, 2026, 10:16 p.m. | 1 hour, 9 minutes ago Description :Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.7, a user can modify another user's model even if its visibility is set to Private. By changing the access permissions during editing, unauthorized access can be gained. This vulnerability is fixed in 0.5.7. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-45345

Severity

MEDIUM

Published

May 15, 2026

🏷️ Tags

report45345webuimissingauthorizationcheckmodelupdatefunctionmodels

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: CVE-2026-45345 - Open WebUI: Missing authorization check at the model update function - models fr

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: CVE-2026-8681 - Essential Chat Support <= 1.0.1 - missing authorization to unauthenticated settin

Report: CVE-2026-44570 - Open WebUI: Inconsistent authorization controls within memories API - Complete Guide

Report: CVE-2026-44567 - Open WebUI: Open WebUI Improper Authorization Control

Report: CVE-2026-44569 - Open WebUI: Insecure Message Access Breaks Authorization

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting