CVE-2026-45396: Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation
The POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses model_config = ConfigDict(extra='allow'). Due to an insecure dictionary merge order in insert_new_feedback(), an authenticated attacker can inject a user_id field in the request body that overwrites the server-derived value, creating feedback records attributed to any arbitrary user. This corrupts the model evaluation leaderboard (Elo ratings) and enables identity spoofing.
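The merge-order defect and its fix, shown side by side as an added example; this is not Open WebUI's code. Pydantic's `extra` setting is simulated with a small stand-in so the script runs on the standard library alone, and every field name other than `user_id` is a constructed assumption.

```python
"""Mass assignment via a permissive form model and a bad dict merge order.

Added illustration, not Open WebUI's code. parse_form() mimics a Pydantic
model with model_config = ConfigDict(extra='allow' | 'forbid' | 'ignore');
the declared field names are constructed for this example.
"""
import json

# Fields the hypothetical form declares. user_id is deliberately NOT among
# them: it must come from the authenticated session, never from the body.
DECLARED_FIELDS = {"type", "data", "meta"}


def parse_form(body: str, extra: str) -> dict:
    """Stand-in for model_validate_json() + model_dump() under each policy."""
    fields = json.loads(body)
    unknown = set(fields) - DECLARED_FIELDS
    if unknown and extra == "forbid":
        raise ValueError(f"extra fields not permitted: {sorted(unknown)}")
    if extra == "ignore":
        return {k: v for k, v in fields.items() if k in DECLARED_FIELDS}
    return fields  # extra='allow': undeclared keys survive the dump


def insert_new_feedback_vulnerable(session_user_id: str, body: str) -> dict:
    """Vulnerable: the body is spread AFTER the server-derived user_id, so a
    body-supplied user_id silently replaces it."""
    form = parse_form(body, extra="allow")
    return {"user_id": session_user_id, **form}


def insert_new_feedback_fixed(session_user_id: str, body: str) -> dict:
    """Hardened: undeclared fields are rejected, and server-derived values are
    written LAST so the body can never override them."""
    form = parse_form(body, extra="forbid")
    return {**form, "user_id": session_user_id}


# Constructed request body: an ordinary rating plus an injected user_id.
CONSTRUCTED_BODY = json.dumps({
    "type": "rating",
    "data": {"rating": 1, "model_id": "model-a"},
    "user_id": "spoofed-user-id",
})

if __name__ == "__main__":
    record = insert_new_feedback_vulnerable("session-user-id", CONSTRUCTED_BODY)
    print("vulnerable path stored user_id =", record["user_id"])
    try:
        insert_new_feedback_fixed("session-user-id", CONSTRUCTED_BODY)
    except ValueError as exc:
        print("fixed path rejected the request:", exc)
```

Either half of the fix alone would stop the spoof here: with `extra='forbid'` the request is rejected, and with the server value merged last the stored `user_id` stays the session's even if extras are allowed.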