CVE-2026-45387 in Open WebUIالمعلومات

الملخص

بحسب MITRE • 16/05/2026

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, when setting model permissions so that a group has read access to it, intending for other users to use it, those users also can read the model's system prompt. However users may consider their system prompt confidential, so this is considered a security issue. This vulnerability is fixed in 0.9.5.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

12/05/2026

إفشاء

16/05/2026

الاعتدال

تمت الموافقة

إدخال

VDB-364274

CPE

جاهز

CWE

CWE-200 (مؤكد)

CVSS

4.3 (CNA)

EPSS

0.00026

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-45387
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-45387
CVE Details	https://www.cvedetails.com/cve/CVE-2026-45387/

التالي ▸نظرة عامة ◂ السابق

Want to know what is going to be exploited?

We predict KEV entries!