
CVE-2026-44567: Open WebUI Auth Bypass Vulnerability

CVE-2026-44567 is an authentication bypass flaw in Open WebUI that allows unauthorized access by bypassing user role validation. This article covers the technical details, affected versions, and mitigation strategies.


CVE-2026-44567 Overview

CVE-2026-44567 is an authorization bypass vulnerability in Open WebUI, a self-hosted artificial intelligence platform designed to operate entirely offline. The flaw exists in versions prior to 0.1.124, where the API fails to validate that a requesting user holds an authorized user role. By default, when Open WebUI is configured with new sign-ups enabled, newly registered accounts receive a pending role and require administrator approval. The missing role check allows pending accounts to access functionality that should require approval, undermining the administrative gating workflow. The issue is classified under CWE-602: Client-Side Enforcement of Server-Side Security.

Critical Impact

Unapproved pending users can access API functionality reserved for approved users, bypassing the administrator review gate that protects new Open WebUI deployments.

Affected Products

  • Open WebUI versions prior to 0.1.124
  • Deployments with new user sign-ups enabled
  • Self-hosted Open WebUI instances exposed on networks accessible to untrusted users

Discovery Timeline

  • 2026-05-15 - CVE-2026-44567 published to the National Vulnerability Database
  • 2026-05-19 - Last updated in NVD database

Technical Details for CVE-2026-44567

Vulnerability Analysis

The vulnerability stems from improper enforcement of role-based access control on Open WebUI API endpoints. Open WebUI defines a multi-tier role model that includes pending, user, and admin roles. The intended workflow requires an administrator to transition a newly registered account from pending to user or admin through the Admin management panel before that account can access application functionality.

However, the API does not consistently verify that the caller holds the user role. A user holding only the pending role can issue authenticated requests and receive responses from endpoints that should be restricted. This converts what should be a gated approval workflow into an open registration model on affected versions.

Root Cause

The root cause is a missing server-side authorization check on protected API routes. Authentication succeeds for any registered account, including those in the pending state, and the server fails to reject requests originating from unapproved roles. Under CWE-602, role enforcement was not consistently applied on the server across the affected endpoints.
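The following is an added illustration of the bug class described above, not Open WebUI's own code: a simplified route that is served to any authenticated session (the pre-fix behaviour) beside one that also enforces an approved role on the server. The `Session`, `require_role` and endpoint names are hypothetical.

```python
"""Added illustration of the CVE-2026-44567 bug class (CWE-602): a route that
only checks that the caller is authenticated versus one that also enforces an
approved role on the server. Simplified model written for this page; it is
not Open WebUI's own code and all names are hypothetical."""
from dataclasses import dataclass
from functools import wraps

APPROVED_ROLES = frozenset({"user", "admin"})   # "pending" is deliberately absent


@dataclass(frozen=True)
class Session:
    username: str
    role: str          # "pending", "user" or "admin"


class Forbidden(Exception):
    pass


def vulnerable_models_endpoint(session: Session) -> list:
    """Pre-fix behaviour: any valid session is served, pending accounts included."""
    return ["llama3", "mistral"]        # constructed sample data


def require_role(*allowed: str):
    """Decorator enforcing the role check on the server, independent of UI state."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(session: Session, *args, **kwargs):
            if session.role not in allowed:
                raise Forbidden(f"role {session.role!r} not permitted")
            return fn(session, *args, **kwargs)
        return wrapper
    return decorator


@require_role(*APPROVED_ROLES)
def fixed_models_endpoint(session: Session) -> list:
    """Post-fix behaviour: pending sessions are rejected before the handler runs."""
    return ["llama3", "mistral"]        # constructed sample data


def is_served(endpoint, session: Session) -> bool:
    """True if the endpoint returns data for this session, False if it refuses."""
    try:
        endpoint(session)
        return True
    except Forbidden:
        return False
```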

Attack Vector

The attack vector is the network. On any Open WebUI instance prior to 0.1.124 that has open registration enabled, an attacker can register an account, obtain a session token for the pending role, and then call API endpoints directly. No social engineering, administrator action, or additional credentials are required. The result is unauthorized access to AI platform functionality before the administrator has reviewed or approved the account.

No public proof-of-concept is referenced in the advisory. Technical specifics are available in the Open WebUI GitHub Security Advisory GHSA-4vg5-rp28-gvjf.

Detection Methods for CVE-2026-44567

Indicators of Compromise

  • New user registrations followed quickly by authenticated API requests before any administrator role change event in audit logs.
  • API requests from accounts whose role remained pending at the time of the request.
  • Unexpected growth in registered account count on instances where sign-ups were assumed to be gated by administrator approval.

Detection Strategies

  • Review Open WebUI application logs and database state to correlate account role changes with the timing of API activity per user.
  • Inspect reverse proxy or web server access logs for authenticated requests to model, chat, or configuration endpoints from accounts that were never promoted from pending.
  • Identify the running Open WebUI version and flag any instance reporting a version earlier than 0.1.124.

Monitoring Recommendations

  • Alert on registration spikes and on first-time API usage by accounts that have not been approved by an administrator.
  • Monitor outbound traffic from Open WebUI hosts for anomalous model usage that could indicate abuse by unapproved accounts.
  • Track administrator panel events and compare them against the population of active API callers to detect drift.
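The correlation described in the detection and monitoring lists above, as an added example that is not part of the original page: it replays constructed role-change audit events against constructed access-log lines and flags gated API requests made while the account was still pending. The log formats, field names and endpoint paths are assumptions for this page, not Open WebUI's real log schema.

```python
"""Added detection example for CVE-2026-44567: correlate role-change audit
events with API access-log entries and flag requests made while the account
was still 'pending'. Log formats and field names are constructed for this
page, not Open WebUI's real log schema."""
from datetime import datetime, timezone
from typing import Optional

# Constructed sample audit events: (timestamp, user, new_role). Registration
# is modelled as a transition to "pending".
AUDIT_EVENTS = [
    ("2026-05-16T10:00:00Z", "alice", "pending"),
    ("2026-05-16T10:05:00Z", "alice", "user"),       # admin approved alice
    ("2026-05-16T10:20:00Z", "mallory", "pending"),  # never approved
]
# Constructed sample access-log lines: "<ts> <user> <method> <path> <status>"
ACCESS_LOG = """\
2026-05-16T10:02:00Z alice GET /api/models 200
2026-05-16T10:06:00Z alice POST /api/chat/completions 200
2026-05-16T10:21:00Z mallory GET /api/models 200
2026-05-16T10:22:00Z mallory POST /api/chat/completions 200
2026-05-16T10:23:00Z mallory GET /api/auth 200
"""
GATED_PREFIXES = ("/api/models", "/api/chat")   # assumed approval-gated endpoints


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def role_at(user: str, when: datetime) -> Optional[str]:
    """Role in effect for `user` at `when` per the audit trail (None = never seen)."""
    role = None
    for ts, u, new_role in sorted(AUDIT_EVENTS):   # ISO timestamps sort lexically
        if u == user and parse_ts(ts) <= when:
            role = new_role
    return role


def find_pending_access(access_log: str) -> list:
    """Return (timestamp, user, path) for successful gated requests by pending accounts."""
    hits = []
    for line in access_log.splitlines():
        ts, user, _method, path, status = line.split()
        if not path.startswith(GATED_PREFIXES) or not status.startswith("2"):
            continue
        if role_at(user, parse_ts(ts)) == "pending":
            hits.append((ts, user, path))
    return hits
```

Note that alice's first request is flagged even though she was approved later: the check uses the role in effect at request time, not the account's current role.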

How to Mitigate CVE-2026-44567

Immediate Actions Required

  • Upgrade Open WebUI to version 0.1.124 or later, which contains the fix for the missing role validation.
  • Audit existing accounts and remove or downgrade any account that was created but never explicitly approved by an administrator.
  • Restrict network exposure of Open WebUI so the management interface is not reachable from untrusted networks while patching is in progress.

Patch Information

The vulnerability is fixed in Open WebUI 0.1.124. Operators should pull the patched release and redeploy. Refer to the Open WebUI GitHub Security Advisory GHSA-4vg5-rp28-gvjf for the authoritative remediation guidance.

Workarounds

  • Disable new user sign-ups in Open WebUI configuration until the instance is upgraded to 0.1.124.
  • Place Open WebUI behind an authenticating reverse proxy or VPN so that only trusted users can reach the registration and API endpoints.
  • Provision accounts manually through administrator action rather than relying on self-service registration during the remediation window.
```bash
# Configuration example: disable open sign-ups as a temporary workaround
# Set the environment variable before launching Open WebUI
export ENABLE_SIGNUP=false

# Or in docker-compose.yml
# environment:
#   - ENABLE_SIGNUP=false
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
