CVE-2026-45387
🔶 mediumSummary
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, when setting model permissions so that a group has read access to it, intending for other users to use it, those users also can read the model's system prompt. However users may consider their system prompt confidential, so this is considered a security issue. This vulnerability is fixed in 0.9.5.
CVSS Score
4.3
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-15
First Seen: 2026-05-17
📊 Relative Risk Intelligence
This CVE is Lower Risk - more severe than 5.4% of all 328,009 vulnerabilities in our database.
#310,261
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 15, 2026
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by
CISA
Last Modified
2026-05-19
Source
NVD 🔗
CVSS Vector 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE IDs (Weakness Types)