{"data":{"id":"aef24f01-fa83-4ef2-818c-64c40ce8a4b8","title":"CVE-2026-54021: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, sever","summary":"Open WebUI, a self-hosted AI platform that runs offline, had a vulnerability before version 0.9.6 where authenticated users could bypass access controls by manipulating a url_idx parameter (a number used to select which backend server to use). This allowed them to reach Ollama backends (the AI model servers) they shouldn't have access to, including internal or admin-disabled ones, because the system checked only whether they could use a model, not whether they were allowed to use the backend server they were routed to.","solution":"This vulnerability is fixed in 0.9.6.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-54021","publishedAt":"2026-06-23T18:18:07.370Z","cveId":"CVE-2026-54021","cweIds":["CWE-863"],"cvssScore":"6.3","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Open WebUI","Ollama"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-23T18:18:07.370Z","capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}