GHSA-jgj3-r8hr-9pjw: Open WebUI's Improper Authorization in Standard Channels Allows Message Updates with Read Permission
Summary
Open WebUI has an authorization flaw in standard channels (regular channels, as opposed to group or direct message channels): the message update endpoint gates access on read permission only. Any authenticated user can therefore modify other users' messages if they know the message ID, violating data integrity (the guarantee that information stays accurate and is not altered by unauthorized parties).
Solution / Mitigation
Update the permission check in `backend/open_webui/routers/channels.py:1451–1456` by changing the authorization requirement from `has_access(..., type="read")` to `has_access(..., type="write")`, ensuring only administrators, message owners, or users with write permission (the ability to create or modify content) can update messages.
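The following added example (not Open WebUI's code; the `has_access` signature, the ACL model and the `update_message` helper are assumptions) models the message-update check with read versus write permission as the gate, showing why the read-gated version lets a non-author edit someone else's message and the write-gated version does not:

```python
from dataclasses import dataclass, field


@dataclass
class User:
    id: str
    role: str = "user"  # "admin" bypasses channel ACLs in this model


@dataclass
class Channel:
    id: str
    readers: set = field(default_factory=set)  # hypothetical read ACL
    writers: set = field(default_factory=set)  # hypothetical write ACL


@dataclass
class Message:
    id: str
    channel_id: str
    user_id: str  # author of the message
    content: str


def has_access(user: User, channel: Channel, type: str = "read") -> bool:
    """Stand-in for the channel ACL check; write permission implies read."""
    if type == "write":
        return user.id in channel.writers
    return user.id in channel.readers or user.id in channel.writers


def update_message(user: User, channel: Channel, msg: Message,
                   new_content: str, required: str) -> bool:
    """Apply the edit only if the caller is an admin, the author, or holds the
    `required` channel permission. Returns True when the edit was applied."""
    authorized = (user.role == "admin" or msg.user_id == user.id
                  or has_access(user, channel, type=required))
    if not authorized:
        return False
    msg.content = new_content
    return True


def demo() -> tuple:
    """A read-only member tries to rewrite another user's message under both checks."""
    alice = User("alice")    # message author, has write permission
    mallory = User("mallory")  # constructed user with read permission only
    chan = Channel("general", readers={"alice", "mallory"}, writers={"alice"})
    msg = Message("m1", chan.id, alice.id, "original text")
    read_gated = update_message(mallory, chan, msg, "tampered", required="read")
    msg.content = "original text"  # reset before the second run
    write_gated = update_message(mallory, chan, msg, "tampered", required="write")
    return read_gated, write_gated  # (True, False)


if __name__ == "__main__":
    print(demo())
```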
Vulnerability Details
EPSS: 0.0%
Original source: https://github.com/advisories/GHSA-jgj3-r8hr-9pjw
First tracked: May 11, 2026 at 02:00 PM