CVE-2026-45365: Open WebUI: Authenticated users can bypass model access control via exposed query parameter [AI-ASSISTED]

May 14, 2026 (updated May 19, 2026)

An internal-only bypass_filter parameter is exposed on the /openai/chat/completions and /ollama/api/chat HTTP endpoints via FastAPI query string binding, allowing any authenticated user to append ?bypass_filter=true and bypass model access control checks to invoke admin-restricted models.

References

github.com/advisories/GHSA-v6qf-75pr-p96m
github.com/open-webui/open-webui/commit/c0385f60ba049da48d2d5452068586d375303c37
github.com/open-webui/open-webui/releases/tag/v0.8.11
github.com/open-webui/open-webui/security/advisories/GHSA-v6qf-75pr-p96m
nvd.nist.gov/vuln/detail/CVE-2026-45365

Code Behaviors & Features

Detect and mitigate CVE-2026-45365 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →