CVE-2026-54021: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, sever
Summary
Open WebUI, a self-hosted AI platform that runs entirely offline, had an access-control bypass in versions before 0.9.6. An authenticated user could set the url_idx parameter (the integer index that selects which backend server a request is sent to) to reach Ollama backends (the servers that actually run the models) they were not meant to use, including internal backends and backends an administrator had disabled. The server checked only whether the user was allowed to use the requested model, not whether the user was allowed to reach the backend the request was routed to.
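The check that was missing is easiest to see side by side. The following is a hypothetical illustration written for this page, not Open WebUI's own code: the Backend and User classes, the route_vulnerable and route_hardened functions, and the sample backend list are all assumptions. route_vulnerable authorizes the model and then trusts url_idx; route_hardened also validates the index, refuses disabled backends, and refuses backends that do not serve the requested model.

```python
"""Model-level vs backend-level authorization for a url_idx style backend selector.

Hypothetical illustration written for this page; it is not Open WebUI's code and
the names (Backend, User, route_vulnerable, route_hardened) are assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class Backend:
    url: str
    enabled: bool                        # an admin may disable a backend
    models: set = field(default_factory=set)


@dataclass
class User:
    name: str
    allowed_models: set = field(default_factory=set)


class AccessDenied(Exception):
    """Raised where a real handler would return HTTP 403."""


# Constructed sample configuration: one public backend, and one internal backend
# that an admin has disabled but which still sits in the backend list.
BACKENDS = [
    Backend("http://ollama-public:11434", enabled=True, models={"llama3"}),
    Backend("http://ollama-internal:11434", enabled=False,
            models={"llama3", "internal-finetune"}),
]

# Constructed sample user: allowed to use llama3, nothing else.
ALICE = User("alice", allowed_models={"llama3"})


def route_vulnerable(user: User, model: str, url_idx: int) -> str:
    """Checks only that the user may use the model, then trusts url_idx."""
    if model not in user.allowed_models:
        raise AccessDenied(f"{user.name} may not use {model}")
    return BACKENDS[url_idx].url          # no check on the backend itself


def route_hardened(user: User, model: str, url_idx=None) -> str:
    """Checks the model AND the backend the request would be routed to."""
    if model not in user.allowed_models:
        raise AccessDenied(f"{user.name} may not use {model}")
    if url_idx is None:
        # No explicit index: pick the first enabled backend that serves the model.
        for backend in BACKENDS:
            if backend.enabled and model in backend.models:
                return backend.url
        raise AccessDenied(f"no enabled backend serves {model}")
    if not isinstance(url_idx, int) or not 0 <= url_idx < len(BACKENDS):
        raise ValueError("url_idx out of range")     # 400, not an unhandled IndexError
    backend = BACKENDS[url_idx]
    if not backend.enabled:
        raise AccessDenied(f"backend {url_idx} is disabled")
    if model not in backend.models:
        raise AccessDenied(f"{model} is not served by backend {url_idx}")
    return backend.url


def outcome(fn, *args):
    """Return the routed URL, or the name of the exception raised, for the demo."""
    try:
        return fn(*args)
    except (AccessDenied, ValueError, IndexError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    print(outcome(route_vulnerable, ALICE, "llama3", 1))   # internal URL: the bypass
    print(outcome(route_vulnerable, ALICE, "llama3", 99))  # IndexError: unhandled
    print(outcome(route_hardened, ALICE, "llama3", 1))     # AccessDenied
    print(outcome(route_hardened, ALICE, "llama3"))        # public URL
```

The point of the hardened version is that an index supplied by the client is treated as untrusted input twice: once for shape (in range) and once for authorization (enabled, serves this model). Passing the model check alone says nothing about which server the request lands on.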
Solution / Mitigation
This vulnerability is fixed in Open WebUI 0.9.6; upgrade to 0.9.6 or later.
Vulnerability Details
CVSS base score: 6.3 (Medium)
EPSS: 0.0%
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Published: June 23, 2026
Affected Vendors
Open WebUI (versions before 0.9.6)
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-54021
First tracked: June 24, 2026 at 02:13 AM