Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses model_config = ConfigDict(extra='allow'). Due to an insecure dictionary merge order in insert_new_feedback(), an authenticated attacker can inject a user_id field in the request body that overwrites the server-derived value, creating feedback records attributed to any arbitrary user. This corrupts the model evaluation leaderboard (Elo ratings) and enables identity spoofing. This vulnerability is fixed in 0.9.5.
References
| Link | Resource |
|---|---|
| https://github.com/open-webui/open-webui/security/advisories/GHSA-rjmp-vjf2-qf4g | Exploit Vendor Advisory |
| https://github.com/open-webui/open-webui/security/advisories/GHSA-rjmp-vjf2-qf4g | Exploit Vendor Advisory |
Configurations
History
19 May 2026, 12:20
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Openwebui
Openwebui open Webui |
|
| CPE | cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:* | |
| References | () https://github.com/open-webui/open-webui/security/advisories/GHSA-rjmp-vjf2-qf4g - Exploit, Vendor Advisory |
15 May 2026, 23:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/open-webui/open-webui/security/advisories/GHSA-rjmp-vjf2-qf4g - |
15 May 2026, 21:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-05-15 21:16
Updated : 2026-05-19 12:20
NVD link : CVE-2026-45396
Mitre link : CVE-2026-45396
CVE.ORG link : CVE-2026-45396
JSON object : View
Products Affected
openwebui
- open_webui
CWE
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes