CVE-2026-44562: Open WebUI's Model Import Overwrites Any Model Without Ownership Check

May 8, 2026

The POST /api/v1/models/import endpoint allows users with the workspace.models_import permission to overwrite any existing model in the database, regardless of ownership. When an imported model’s ID matches an existing model, the endpoint merges the attacker’s payload over the existing model data and writes it to the database with no ownership or access grant validation. Additionally, filter_allowed_access_grants is never called, bypassing the access grant restrictions enforced on all other model mutation endpoints.

References

github.com/advisories/GHSA-mqq6-cqcx-38vg
github.com/open-webui/open-webui
github.com/open-webui/open-webui/security/advisories/GHSA-mqq6-cqcx-38vg
nvd.nist.gov/vuln/detail/CVE-2026-44562

Code Behaviors & Features

Detect and mitigate CVE-2026-44562 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →