{"data":{"id":"dca77fdc-e9dc-4504-9548-a720dd4d8cec","title":"GHSA-jh9g-8jqw-m2qx: Open WebUI Exposes System Prompt to Regular User [Non-Admin]","summary":"In Open WebUI v0.6.40, a regular user can view the system prompt (the hidden instructions that control how an AI model behaves) that an admin set up, by making a simple web request to /api/models. This exposes confidential information because attackers can learn how the model works internally and potentially manipulate its behavior.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-jh9g-8jqw-m2qx","publishedAt":"2026-05-14T20:25:04.000Z","cveId":"CVE-2026-45351","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":["open-webui@<= 0.8.8 (fixed: 0.8.9)"],"affectedVendors":[],"affectedVendorsRaw":["Open WebUI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-14T20:25:04.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}