CVE-2026-45396
Published: 15 May 2026
Summary
CVE-2026-45396 is a medium-severity Improperly Controlled Modification of Dynamically-Determined Object Attributes (CWE-915) vulnerability in Openwebui Open Webui. Its CVSS base score is 5.4 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Stored Data Manipulation (T1565.001); ranked at the 22.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as LLM Application Platforms; in the Data-Related Vulnerabilities risk domain.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-30630
Vulnerability details
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses model_config = ConfigDict(extra='allow'). Due to an insecure…
more
dictionary merge order in insert_new_feedback(), an authenticated attacker can inject a user_id field in the request body that overwrites the server-derived value, creating feedback records attributed to any arbitrary user. This corrupts the model evaluation leaderboard (Elo ratings) and enables identity spoofing. This vulnerability is fixed in 0.9.5.
- CWE(s)
AI Security AnalysisAI
- AI Category
- LLM Application Platforms
- Risk Domain
- Data-Related Vulnerabilities
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: artificial intelligence, open webui
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Mass assignment enables stored feedback data manipulation (T1492) and user identity spoofing (T1656) in app-specific evaluation records.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.