CVE-2026-44569: Open WebUI IDOR Exposes Offline AI Messages
The National Vulnerability Database has disclosed CVE-2026-44569, a high-severity (CVSS 7.1) Insecure Direct Object Reference (IDOR) vulnerability in Open WebUI versions prior to 0.6.19. Open WebUI is a self-hosted platform designed for offline AI operations. This flaw allows authenticated users with read access to a channel to modify or delete any message within that channel, regardless of message ownership.
The vulnerability stems from an oversight in the backend API. The frontend correctly hides the edit and delete controls from everyone except the message owner or an administrator, but the API endpoints for message update and deletion validate only channel-level authorization and perform no message ownership check at all. An attacker who can read the channel can therefore call the API directly, sidestepping the client-side controls, and edit or delete messages they do not own.
This is a classic client-side enforcement bypass. The UI check is a usability feature, not a security control: authorization must be enforced server-side on every request, and for object-level operations that means checking the caller's rights to the specific object (here, the message), not just to its container (the channel). Organizations running Open WebUI should upgrade to version 0.6.19 or later to remediate this issue and prevent unauthorized message tampering.
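To make the server-side point concrete, here is an added example (constructed for this page, not Open WebUI's code) of a minimal channel-message authorization model: the vulnerable handler checks only channel membership, which is the IDOR pattern described above, while the hardened handlers also require owner-or-admin on the message itself. All names (User, Channel, Message, Forbidden and the update/delete functions) are hypothetical.

```python
"""
Added example (not Open WebUI's code): a minimal model of channel-message
authorization showing the IDOR pattern described for CVE-2026-44569 and the
server-side ownership check that closes it. Data model, function and
exception names are constructed for illustration.
"""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller may not perform the action (HTTP 403 in a real API)."""


@dataclass
class User:
    id: str
    role: str = "user"  # "user" or "admin"


@dataclass
class Message:
    id: str
    channel_id: str
    user_id: str  # owner of the message
    content: str


@dataclass
class Channel:
    id: str
    members: set  # user ids with read access
    messages: dict = field(default_factory=dict)


def _require_channel_read(user: User, channel: Channel) -> None:
    """Container-level check: the only check the vulnerable endpoints perform."""
    if user.id not in channel.members and user.role != "admin":
        raise Forbidden("no read access to channel")


def _require_message_owner(user: User, msg: Message) -> None:
    """Object-level check: the check the vulnerable endpoints omit."""
    if msg.user_id != user.id and user.role != "admin":
        raise Forbidden("not message owner")


def update_message_vulnerable(user, channel, message_id, new_content):
    """Pre-fix behaviour: channel access is checked, message ownership is not.
    Any channel member can rewrite any message by calling the API directly."""
    _require_channel_read(user, channel)
    msg = channel.messages[message_id]  # KeyError would be a 404 in a real API
    msg.content = new_content
    return msg


def update_message_fixed(user, channel, message_id, new_content):
    """Hardened: same channel check, plus owner-or-admin check on the message."""
    _require_channel_read(user, channel)
    msg = channel.messages[message_id]
    _require_message_owner(user, msg)
    msg.content = new_content
    return msg


def delete_message_fixed(user, channel, message_id):
    """Hardened delete: same two checks before the row is removed."""
    _require_channel_read(user, channel)
    msg = channel.messages[message_id]
    _require_message_owner(user, msg)
    del channel.messages[message_id]
    return msg


def demo() -> dict:
    """Constructed scenario: alice posts, bob (a channel member) edits her message."""
    alice, bob, admin = User("alice"), User("bob"), User("root", role="admin")
    chan = Channel("general", members={"alice", "bob"})
    chan.messages["m1"] = Message("m1", "general", "alice", "original")
    results = {}
    # Vulnerable endpoint: bob's direct API call succeeds even though the UI shows him no button.
    results["vulnerable_bob_edit"] = update_message_vulnerable(bob, chan, "m1", "tampered").content
    # Fixed endpoint: bob is rejected; the owner and an admin are still allowed.
    try:
        update_message_fixed(bob, chan, "m1", "tampered again")
        results["fixed_bob_edit"] = "allowed"
    except Forbidden:
        results["fixed_bob_edit"] = "forbidden"
    results["fixed_alice_edit"] = update_message_fixed(alice, chan, "m1", "restored").content
    results["fixed_admin_delete"] = delete_message_fixed(admin, chan, "m1").id
    results["remaining"] = len(chan.messages)
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the split into `_require_channel_read` and `_require_message_owner` is that the second check has to run on every object-level route (update and delete alike); a check that lives only in the UI, or only on one of the two routes, leaves the direct-API path open.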
What This Means For You
- If your organization runs Open WebUI older than 0.6.19, you are exposed. This isn't theoretical; it's a direct API bypass. Upgrade to version 0.6.19 or later immediately to patch CVE-2026-44569. Until then, any authenticated user can alter or delete messages in channels they can read, compromising data integrity and potentially enabling social engineering or misinformation within the organization.
🛡️ Detection Rules
3 detection rules were auto-generated for this incident and mapped to MITRE ATT&CK; the Sigma YAML of one of them is reproduced below.
```yaml
title: CVE-2026-44569: Open WebUI IDOR API Call to Modify/Delete Messages
id: scw-2026-05-15-ai-1
status: experimental
level: high
description: |
    Detects PUT or DELETE requests to the Open WebUI '/api/items/' URI prefix, the
    message update/delete path targeted by the IDOR in CVE-2026-44569, where an
    authenticated user with read access to a channel can modify or delete any message
    in it because the backend validates channel access but not message ownership.
    Web server logs carry no message-owner information, so this rule matches every
    message edit or deletion, legitimate or not. Confirm the URI prefix against the
    message update/delete routes of the deployed Open WebUI version, and correlate
    hits with the application's own audit data (acting user versus message owner)
    before treating a match as exploitation.
author: SCW Feed Engine (AI-generated)
date: 2026-05-15
references:
    - https://shimiscyberworld.com/posts/nvd-CVE-2026-44569/
tags:
    - attack.impact
    - attack.t1565.001
logsource:
    category: webserver
detection:
    selection:
        c-uri|startswith: '/api/items/'
        cs-method:
            - 'PUT'
            - 'DELETE'
    condition: selection
falsepositives:
    - Every legitimate message edit or deletion by the message owner or an administrator; the rule cannot distinguish ownership from web server logs alone
```
Source: Shimi's Cyber World
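The rule above fires on method and URI alone, which is all a web server log offers. The following added example (not part of the page's rule set, and not Open WebUI's code) runs that selection over a few constructed web server log lines and then applies an ownership check to constructed application-level audit records, to show what a detection actually needs in order to separate CVE-2026-44569 exploitation from routine edits. The log formats, the JSON field names and the '/api/items/' prefix (taken from the rule as written) are assumptions.

```python
"""
Added example (not part of the page's rule): evaluates the Sigma selection
above against constructed web server log lines, then shows why an
application-level audit record carrying both the acting user and the message
owner is needed to separate exploitation from ordinary edits.
Log formats, field names and the '/api/items/' prefix are assumptions.
"""
import json

# Constructed W3C-style web server lines:
# date time c-ip cs-username cs-method c-uri sc-status
WEB_LOG = """\
2026-05-16 01:20:01 10.0.0.5 alice GET /api/items/m1 200
2026-05-16 01:20:07 10.0.0.5 alice PUT /api/items/m1 200
2026-05-16 01:21:13 10.0.0.9 bob PUT /api/items/m1 200
2026-05-16 01:21:40 10.0.0.9 bob DELETE /api/items/m2 200
2026-05-16 01:22:02 10.0.0.7 root DELETE /api/items/m3 200
2026-05-16 01:22:30 10.0.0.9 bob POST /api/items/ 201
"""

# Constructed application audit lines (JSON), one event per line, with the
# fields a web server log lacks: the actor's role and the message owner.
APP_AUDIT = """\
{"ts":"2026-05-16T01:20:07Z","actor":"alice","role":"user","action":"update","message":"m1","owner":"alice"}
{"ts":"2026-05-16T01:21:13Z","actor":"bob","role":"user","action":"update","message":"m1","owner":"alice"}
{"ts":"2026-05-16T01:21:40Z","actor":"bob","role":"user","action":"delete","message":"m2","owner":"carol"}
{"ts":"2026-05-16T01:22:02Z","actor":"root","role":"admin","action":"delete","message":"m3","owner":"bob"}
"""

URI_PREFIX = "/api/items/"   # as in the rule; confirm against the deployed version's routes
METHODS = {"PUT", "DELETE"}


def parse_web_line(line: str) -> dict:
    """Split one constructed log line into Sigma webserver field names."""
    date, time, c_ip, user, method, uri, status = line.split()
    return {"ts": f"{date} {time}", "c-ip": c_ip, "cs-username": user,
            "cs-method": method, "c-uri": uri, "sc-status": int(status)}


def sigma_selection(event: dict) -> bool:
    """The rule's selection: c-uri|startswith '/api/items/' AND cs-method in {PUT, DELETE}."""
    return event["c-uri"].startswith(URI_PREFIX) and event["cs-method"] in METHODS


def web_hits(log: str = WEB_LOG) -> list:
    """Usernames of every request the Sigma rule would alert on."""
    return [e["cs-username"] for e in map(parse_web_line, log.splitlines())
            if sigma_selection(e)]


def non_owner_actions(audit: str = APP_AUDIT) -> list:
    """Modify/delete events where the actor is neither the owner nor an admin:
    the condition that actually characterises exploitation of the IDOR."""
    flagged = []
    for line in audit.splitlines():
        ev = json.loads(line)
        if (ev["action"] in ("update", "delete")
                and ev["actor"] != ev["owner"]
                and ev["role"] != "admin"):
            flagged.append((ev["actor"], ev["action"], ev["message"]))
    return flagged


if __name__ == "__main__":
    # The web-log rule alerts on the owner's edit, the admin's delete and the
    # attacker's actions alike; the audit check isolates only bob's two actions.
    print("web-log rule hits :", web_hits())           # ['alice', 'bob', 'bob', 'root']
    print("non-owner actions :", non_owner_actions())  # [('bob', 'update', 'm1'), ('bob', 'delete', 'm2')]
```

In practice the web server hits are still useful as a trigger: join them on timestamp and username to the application's audit trail (or to the message table's owner column) and alert only where the acting user is not the owner and not an administrator.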
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-44569 | IDOR | Open WebUI versions prior to 0.6.19 |
| CVE-2026-44569 | IDOR | channels message management system |
| CVE-2026-44569 | IDOR | message update and delete endpoints |
| CVE-2026-44569 | Auth Bypass | client-side security control bypass via direct API calls |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 16, 2026 at 01:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.