CVE-2026-45387: Open WebUI: Sharing models for others to use (read permission) also exposes model details (system prompt leakage)

May 14, 2026 (updated May 15, 2026)

When setting model permissions so that a group has read access to it, intending for other users to use it, those users also can read the model’s system prompt.

However users may consider their system prompt confidential, so we consider this a security issue.

Compare https://genai.owasp.org/llmrisk/llm072025-system-prompt-leakage/ or prompt injections to get popular chatbots on the internet to reveal their prompt.

References

github.com/advisories/GHSA-h2cw-7qw9-56xr
github.com/open-webui/open-webui/releases/tag/v0.9.5
github.com/open-webui/open-webui/security/advisories/GHSA-h2cw-7qw9-56xr
nvd.nist.gov/vuln/detail/CVE-2026-45387

Code Behaviors & Features

Detect and mitigate CVE-2026-45387 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →