AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-44556: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /

highvulnerability

LLM-Specific

security

Source: NVD/CVE DatabaseMay 15, 2026CVE-2026-44556

Summary

Open WebUI, a self-hosted AI platform that runs offline, had a security flaw in versions before 0.9.0 where the /responses endpoint allowed any logged-in user to access any model on the system without proper permission checks. While the main chat endpoint verified that users had the right to use specific models through ownership, group membership, and access grants, the /responses proxy skipped these checks and only confirmed the user was logged in, letting attackers use models they shouldn't have access to.

Solution / Mitigation

This vulnerability is fixed in 0.9.0.

Vulnerability Details

CVSS Score

7.1(high)

EPSS (30-day exploit probability)

EPSS: 0.0%

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Attack Vector

network

Attack Complexity

low

Privileges Required

low

User Interaction

none

Disclosure Date

May 15, 2026

Classification

Attack SophisticationTrivial

Impact (CIA+S)

confidentialityintegrity

AI Component TargetedAPI

Taxonomy References

CWE (Weakness Type)

CWE-284 CWE-862

CAPEC (Attack Pattern)

CAPEC-122

Affected Vendors

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-44556

First tracked: May 15, 2026 at 08:12 PM

Classified by LLM (prompt v3) · confidence: 95%