Open WebUI CVE-2026-45399: Low-Privilege Users Disrupt System-Wide AI Tasks
The National Vulnerability Database has disclosed CVE-2026-45399, a high-severity authorization bypass in Open WebUI, a self-hosted, offline-capable AI platform. Prior to version 0.9.0, any authenticated user with low privileges could enumerate and terminate active background tasks belonging to other users. This is not a theoretical flaw; it directly impacts system integrity and usability.
Specifically, the vulnerability leverages the GET /api/tasks and POST /api/tasks/stop/{task_id} methods. A casual user could continuously cancel other users’ active tasks, effectively disrupting system-wide chat usage. This is a critical issue for multi-user deployments where consistent service is expected, enabling denial-of-service from within.
Defenders need to understand the attacker’s calculus here: this isn’t about data exfiltration, but about operational disruption. An insider, or an external attacker who has gained low-level access, can weaponize this to cause chaos and degrade service availability. The National Vulnerability Database assigned a CVSS score of 7.1 (High) with a vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H, highlighting the significant impact on availability.
What This Means For You
- If your organization uses Open WebUI, you must immediately verify your installation version. Patching to 0.9.0 or later is non-negotiable to mitigate CVE-2026-45399. Failure to do so leaves your AI platform vulnerable to internal disruption and integrity attacks from any authenticated user, regardless of their assigned privileges. Audit your user access policies and consider the implications of low-privilege users having this level of system visibility and control.
Related ATT&CK Techniques
🛡️ Detection Rules
2 rules · 6 SIEM formats2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
Open WebUI Low-Privilege Task Disruption - CVE-2026-45399
title: Open WebUI Low-Privilege Task Disruption - CVE-2026-45399
id: scw-2026-05-15-ai-1
status: experimental
level: high
description: |
Detects low-privilege users attempting to stop background tasks in Open WebUI using the specific /api/tasks/stop/{task_id} endpoint, as described in CVE-2026-45399. This indicates a potential disruption of system-wide AI tasks by unauthorized users.
author: SCW Feed Engine (AI-generated)
date: 2026-05-15
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-45399/
tags:
- attack.impact
- attack.t1531
logsource:
category: webserver
detection:
selection:
cs-method:
- 'POST'
cs-uri:
- '/api/tasks/stop/*'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-45399 | Privilege Escalation | Open WebUI versions prior to 0.9.0 |
| CVE-2026-45399 | Auth Bypass | Open WebUI GET /api/tasks endpoint |
| CVE-2026-45399 | Auth Bypass | Open WebUI POST /api/tasks/stop/{task_id} endpoint |
| CVE-2026-45399 | Denial of Service | Open WebUI versions prior to 0.9.0 allowing low-privilege users to stop other users' tasks |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 15, 2026 at 23:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
radare2 Use-After-Free (CVE-2026-8696) Risks Denial of Service, RCE
CVE-2026-8696 — radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial...
CVE-2026-45675: Open WebUI Vulnerable to Admin Role Race Condition
CVE-2026-45675 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP and OAuth authentication flows use...
CVE-2026-45671: Open WebUI File Deletion Flaw Impacts Self-Hosted AI
CVE-2026-45671 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user can permanently delete files...