CNNVD-202512-503 Information
CNNVD ID
CNNVD-202512-503
Related CVE
-
CNNVD Published: 2025-12-04
Description
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI, open-sourced by Open WebUI. Open WebUI v0.6.33 contains a security vulnerability: the API /api/tasks/stop/ accesses and cancels tasks directly without verifying user ownership, which may allow an attacker to stop arbitrary LLM response tasks.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Open WebUI
Published
2025-12-04
Last Modified
2026-02-24
References
https://github.com/TOAST-Research/pocs/blob/main/openwebui/arbitirary_task_stop/report.md
https://github.com/open-webui/open-webui/blob/46ae3f4f5d7d4d706041bdae4ad2d802e568712b/backend/open_webui/main.py#L1652
Patch
https://github.com/open-webui/open-webui/releases