{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/open-webui--0.6.18/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["open-webui (\u003c= 0.6.18)"],"_cs_severities":["high"],"_cs_tags":["idor","privilege-escalation","defense-evasion","cloud"],"_cs_type":"advisory","_cs_vendors":["Open WebUI"],"content_html":"\u003cp\u003eOpen WebUI versions 0.6.18 and earlier contain an Insecure Direct Object Reference (IDOR) vulnerability within the channel message management system. This flaw allows authenticated users with read access to a channel to modify or delete messages created by other users within the same channel. The vulnerability stems from the absence of message ownership validation in the backend API endpoints responsible for updating and deleting messages. While the frontend implements client-side checks to restrict message editing and deletion to owners or administrators, these controls can be bypassed by directly interacting with the backend APIs, allowing unauthorized message tampering and deletion. This poses a risk to message integrity and auditability within collaborative channel environments. 
The issue was reported on May 11, 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker authenticates to the Open WebUI application.\u003c/li\u003e\n\u003cli\u003eAttacker gains read access to a channel.\u003c/li\u003e\n\u003cli\u003eVictim creates a message within the channel.\u003c/li\u003e\n\u003cli\u003eAttacker observes the \u003ccode\u003emessage_id\u003c/code\u003e of the victim\u0026rsquo;s message, either through the frontend or by intercepting API requests.\u003c/li\u003e\n\u003cli\u003eAttacker crafts an API request to either update the message content or delete the message, using the victim\u0026rsquo;s \u003ccode\u003emessage_id\u003c/code\u003e and the channel\u0026rsquo;s ID.\u003c/li\u003e\n\u003cli\u003eAttacker sends the crafted request directly to the backend as a POST to \u003ccode\u003e/api/v1/channels/{channel_id}/messages/{victim_message_id}/update\u003c/code\u003e or a DELETE to \u003ccode\u003e/api/v1/channels/{channel_id}/messages/{victim_message_id}/delete\u003c/code\u003e, bypassing the frontend\u0026rsquo;s client-side owner/admin checks.\u003c/li\u003e\n\u003cli\u003eThe backend API validates the attacker\u0026rsquo;s channel access (read permission) but never checks that the caller is the message\u0026rsquo;s author or an administrator.\u003c/li\u003e\n\u003cli\u003eThe victim\u0026rsquo;s message is modified or deleted: content the attacker was only permitted to read is tampered with or destroyed.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this IDOR vulnerability enables unauthorized modification and deletion of messages within Open WebUI channels. Users with only read access gain write/delete capability over other users\u0026rsquo; content, potentially leading to the alteration of critical information, disruption of communication, and undermining the integrity of audit trails. This vulnerability affects Open WebUI instances with channels enabled, potentially impacting any collaborative environment that relies on message integrity.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Open WebUI Message Modification via IDOR\u0026rdquo; to identify potential exploitation attempts by monitoring POST requests to the message update endpoint (\u003ccode\u003e/api/v1/channels/{channel_id}/messages/{message_id}/update\u003c/code\u003e) and DELETE requests to the message delete endpoint (\u003ccode\u003e/api/v1/channels/{channel_id}/messages/{message_id}/delete\u003c/code\u003e) in the \u003ccode\u003ewebserver\u003c/code\u003e logs. Both endpoints are also used by legitimate edits and deletions, so treat matches as candidates and correlate the requesting user with the message\u0026rsquo;s author (or an admin role) before escalating.\u003c/li\u003e\n\u003cli\u003eApply the remediation steps recommended by the vendor, which include enforcing message ownership validation (author or administrator) server-side in the update and delete endpoints, so that the frontend checks are no longer the only control.\u003c/li\u003e\n\u003cli\u003eUpgrade Open WebUI to a version later than 0.6.18 to patch CVE-2026-44569.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-11T14:08:25Z","date_published":"2026-05-11T14:08:25Z","id":"https://feed.craftedsignal.io/briefs/2026-05-open-webui-idor/","summary":"Open WebUI versions 0.6.18 and earlier are vulnerable to an insecure direct object reference (IDOR) in the channels message management system; authenticated users with read access to a channel can modify or delete any message within that channel due to missing message ownership validation in the message update and delete endpoints.","title":"Open WebUI Insecure Direct Object Reference in Channel Messages","url":"https://feed.craftedsignal.io/briefs/2026-05-open-webui-idor/"}],"language":"en","title":"CraftedSignal Threat Feed — Open-Webui (\u003c= 0.6.18)","version":"https://jsonfeed.org/version/1.1"}
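Added example, not code from Open WebUI or from the feed above: a toy Python model of the missing ownership check the attack chain relies on, next to the server-side check that closes it, followed by a matcher for the two endpoints the recommended Sigma rule watches and a triage step that separates cross-user writes from authors editing their own messages. The in-memory store, the two-role user model with admins able to read every channel, the user/channel/message names and the one-line access-log format are all constructed assumptions for illustration; none of them are Open WebUI internals or its real log layout.

```python
import re
from dataclasses import dataclass, field


@dataclass
class User:
    id: str
    role: str = "user"  # assumed two-role model: "user" or "admin"


@dataclass
class Channel:
    id: str
    readers: set = field(default_factory=set)  # user ids with read access


@dataclass
class Message:
    id: str
    channel_id: str
    user_id: str  # author
    content: str


class Forbidden(Exception):
    """Authorization failure (an HTTP 403 at the API boundary)."""


class MessageStore:
    """Toy in-memory stand-in for the backend's channel/message tables."""

    def __init__(self, channels, messages):
        self.channels = {c.id: c for c in channels}
        self.messages = {m.id: m for m in messages}

    def _lookup(self, user, channel_id, message_id):
        channel, message = self.channels.get(channel_id), self.messages.get(message_id)
        if channel is None or message is None or message.channel_id != channel_id:
            raise KeyError("unknown channel or message")
        # The only check the vulnerable handler performs: channel read access
        # (admins are assumed to read every channel). Nothing ties the caller
        # to the message they are about to write.
        if user.role != "admin" and user.id not in channel.readers:
            raise Forbidden("no read access to channel")
        return message

    # Vulnerable pattern from the advisory: read access is treated as write access.
    def update_message_vulnerable(self, user, channel_id, message_id, content):
        message = self._lookup(user, channel_id, message_id)
        message.content = content
        return message

    # Hardened pattern: channel access AND (author or admin), enforced server-side.
    @staticmethod
    def _require_owner_or_admin(user, message):
        if message.user_id != user.id and user.role != "admin":
            raise Forbidden("caller is neither the message author nor an admin")

    def update_message(self, user, channel_id, message_id, content):
        message = self._lookup(user, channel_id, message_id)
        self._require_owner_or_admin(user, message)
        message.content = content
        return message

    def delete_message(self, user, channel_id, message_id):
        message = self._lookup(user, channel_id, message_id)
        self._require_owner_or_admin(user, message)
        del self.messages[message_id]
        return True


def attempt(handler, *args):
    """Call a handler the way the attack chain does and report the outcome."""
    try:
        handler(*args)
        return "allowed"
    except Forbidden:
        return "forbidden"


def build_store():
    """Constructed fixture: one channel, messages by alice and bob, mallory as a reader."""
    return MessageStore(
        [Channel("ch-1", {"alice", "bob", "mallory"})],
        [Message("m-1", "ch-1", "alice", "original"), Message("m-2", "ch-1", "bob", "hi")],
    )


# Detection side. Assumed one-line access-log shape (constructed, not Open WebUI's):
#   "<user_id> <METHOD> <path> <status>"
LOG_LINE = re.compile(
    r"^(?P<user>\S+) (?P<method>[A-Z]+) /api/v1/channels/(?P<channel>[^/\s]+)"
    r"/messages/(?P<message>[^/\s]+)/(?P<action>update|delete) (?P<status>\d{3})$"
)
SAMPLE_LOG = [  # constructed sample lines
    "alice POST /api/v1/channels/ch-1/messages/m-1/update 200",      # author edits own message
    "bob GET /api/v1/channels/ch-1/messages/m-1 200",                # read, out of scope
    "mallory POST /api/v1/channels/ch-1/messages/m-1/update 200",    # cross-user edit (IDOR)
    "mallory DELETE /api/v1/channels/ch-1/messages/m-2/delete 200",  # cross-user delete (IDOR)
    "root DELETE /api/v1/channels/ch-1/messages/m-2/delete 200",     # admin moderation
]
AUTHORS = {"m-1": "alice", "m-2": "bob"}  # message id -> author, from the channel store
ADMINS = {"root"}


def match_endpoint_events(log_lines):
    """The Sigma rule's selection: POST to .../update or DELETE to .../delete."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m and (m["method"], m["action"]) in (("POST", "update"), ("DELETE", "delete")):
            hits.append(m.groupdict())
    return hits


def flag_cross_user_writes(log_lines, authors, admins):
    """Triage: keep hits where the caller is neither the author nor an admin."""
    return [h for h in match_endpoint_events(log_lines)
            if h["user"] not in admins and authors.get(h["message"]) != h["user"]]


if __name__ == "__main__":
    mallory = User("mallory")
    print("vulnerable update by reader:", attempt(build_store().update_message_vulnerable, mallory, "ch-1", "m-1", "x"))
    print("hardened update by reader:", attempt(build_store().update_message, mallory, "ch-1", "m-1", "x"))
    print("rule hits:", len(match_endpoint_events(SAMPLE_LOG)), "after triage:",
          [(h["user"], h["message"]) for h in flag_cross_user_writes(SAMPLE_LOG, AUTHORS, ADMINS)])
```

The rule selection alone fires on all four writes in the sample, including the author's own edit and the admin's deletion; joining each hit against the message's author and the caller's role is what leaves only the two requests that match the advisory's pattern. The same join is exactly the check the hardened handlers perform before touching the row, which is why the fix belongs in the backend and not in the frontend.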