CVE-2026-45349 | open-webui Open WebUI up to 0.8.x API Endpoint /api/chat/completions authorization (GHSA-gfm2-xm6c-37qc)

A vulnerability was found in open-webui Open WebUI up to 0.8.x. It has been declared as critical. Affected by this issue is some unknown functionality of the file /api/chat/completions of the component API Endpoint. Such manipulation leads to authorization bypass.

This vulnerability is traded as CVE-2026-45349. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More