CVE-2026-44571: Open WebUI's Improper Authorization in Standard Channels Allows Message Updates with Read Permission

(updated )

Vulnerability Description

In standard channels (i.e., channels whose channel.type is neither group nor dm), the endpoint

POST /api/v1/channels/{channel_id}/messages/{message_id}/update can be accessed with read permission only.

When access_control is set to None, the authorization check has_access(..., type="read") evaluates to True, allowing users who are not the message owner to update messages.

As a result, unauthorized modification of other users’ messages is possible.

Attack Prerequisites

  • The attacker is an authenticated user (role user or higher)
  • The target channel is a standard channel (i.e., not group or dm)
  • access_control is None or allows read access
  • The attacker can obtain the target message_id (e.g., via the channel’s message list)

Attack Scenario

  1. The attacker (User B) retrieves another user’s message_id from the message list in a standard channel

  2. The attacker sends a request to

    POST /api/v1/channels/{channel_id}/messages/{message_id}/update

  3. The message authored by another user (User A) is successfully updated

Potential Impact

  • Unauthorized modification of other users’ messages (violation of data integrity)

Steps to Reproduce

  1. Log in as an administrator
  1. Create User A
  1. Create User B
  1. Log in as User A
  1. Log in as User B
  1. As the administrator, create a new channel
  1. As User A, post a new message in the channel
  1. As User B, edit User A’s message
  1. Confirm that User A’s message has been modified without authorization

Affected Files and Line Numbers

  • backend/open_webui/routers/channels.py:1417–1460

    The authorization check in update_message_by_id allows access with read permission

  • backend/open_webui/utils/access_control.py:124–135

    When access_control=None and strict=True, read access is permitted

  • backend/open_webui/models/messages.py:341–358

    The update logic does not enforce any message ownership check

Recommended Mitigation

Update the condition in

backend/open_webui/routers/channels.py:1451–1456

by changing the permission check from read to write, so that only administrators, message owners, or users with write permission can update messages.

Proposed Changes

  • For standard channels, change the update permission requirement from

    has_access(..., type="read") to has_access(..., type="write")

  • Preserve the existing ownership check (message.user_id == user.id)

<strong>AI Usage</strong>

  • Translation from Japanese to English
  • CWE classification and assessment
  • Affected Files and Line Numbers

References

Code Behaviors & Features

Detect and mitigate CVE-2026-44571 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →