What is GHSA-jgj3-r8hr-9pjw?

GHSA-jgj3-r8hr-9pjw is a security advisory published by GitHub Security Advisories with Medium severity. Open WebUI's Improper Authorization in Standard Channels Allows Message Updates with Read Permission

Which CVE IDs does GHSA-jgj3-r8hr-9pjw cover?

GHSA-jgj3-r8hr-9pjw covers the following CVE IDs: CVE-2026-44571. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-jgj3-r8hr-9pjw?

GHSA-jgj3-r8hr-9pjw has a CVSS v3 base score of 6.5, published by GitHub Security Advisories.

Which products are affected by GHSA-jgj3-r8hr-9pjw?

GHSA-jgj3-r8hr-9pjw affects 1 product, including: pip/open-webui:\u003c= 0.8.5.

GHSA-jgj3-r8hr-9pjwMediumCVSS 6.5

Open WebUI's Improper Authorization in Standard Channels Allows Message Updates with Read Permission

Vendor

GitHub Security Advisories

Published

May 11, 2026

Last Modified

May 19, 2026

🔗 CVE IDs covered (1)

CVE-2026-44571 →

📋 Description

Vulnerability Description

In standard channels (i.e., channels whose channel.type is neither group nor dm), the endpoint

POST /api/v1/channels/{channel_id}/messages/{message_id}/update can be accessed with read permission only.

When access_control is set to None, the authorization check has_access(..., type="read") evaluates to True, allowing users who are not the message owner to update messages.

As a result, unauthorized modification of other users’ messages is possible.

Attack Prerequisites

The attacker is an authenticated user (role user or higher)
The target channel is a standard channel (i.e., not group or dm)
access_control is None or allows read access
The attacker can obtain the target message_id (e.g., via the channel’s message list)

Attack Scenario

The attacker (User B) retrieves another user’s message_id from the message list in a standard channel
The attacker sends a request to

POST /api/v1/channels/{channel_id}/messages/{message_id}/update
The message authored by another user (User A) is successfully updated

Potential Impact

Unauthorized modification of other users’ messages (violation of data integrity)

Steps to Reproduce

Create User A

Create User B

As the administrator, create a new channel

As User A, post a new message in the channel

As User B, edit User A’s message

Confirm that User A’s message has been modified without authorization

Affected Files and Line Numbers

backend/open_webui/routers/channels.py:1417–1460

The authorization check in update_message_by_id allows access with read permission
backend/open_webui/utils/access_control.py:124–135

When access_control=None and strict=True, read access is permitted
backend/open_webui/models/messages.py:341–358

The update logic does not enforce any message ownership check

Recommended Mitigation

Update the condition in

backend/open_webui/routers/channels.py:1451–1456

by changing the permission check from read to write, so that only administrators, message owners, or users with write permission can update messages.

Proposed Changes

For standard channels, change the update permission requirement from

has_access(..., type="read") to has_access(..., type="write")
Preserve the existing ownership check (message.user_id == user.id)