Back to list

Open WebUI's chat completion API allows tool restrictions to be bypassed — CVE-2026-45350

GitHub · GitHub · CVE-2026-45350

ID
CVE-2026-45350
Date
Updated
Activity
Source
GitHub
Vendor
GitHub
Threat
high
CVSS
7.1
EPSS
0.00055

Summary

### Summary Open WebUI v0.6.43 contains a vulnerability in its chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. ### Details In the [chat_completion](https://github.com/open-webui/open-webui/blob/a7271532f8a38da46785afcaa7e65f9a45e7d753/backend/open_webui/main.py#L1529) API, the parameters [tool_ids and…

Product

pip: open-webui

What to do

General, cautious steps (verify details in the official source):

  • Prioritize patching or mitigation immediately (treat as actively risky).
  • Identify affected product versions in your inventory and verify whether you are impacted.
  • Apply vendor patches/updates or recommended mitigations as soon as available.
  • Read the official advisory for exact affected versions and remediation steps.

Official advisory

Related advisories

GitHub GitHub 2026-W21