From 965cd18b2b8c446d843dffb1a3088ebcaaf2ae87 Mon Sep 17 00:00:00 2001
From: Classic298 <27028174+Classic298@users.noreply.github.com>
Date: Sat, 13 Jun 2026 00:46:32 +0200
Subject: [PATCH] Improve GHSA-cggw-334c-f4mj
---
 .../GHSA-cggw-334c-f4mj.json | 28 +++++++++++++++++--
 1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/advisories/unreviewed/2026/01/GHSA-cggw-334c-f4mj/GHSA-cggw-334c-f4mj.json b/advisories/unreviewed/2026/01/GHSA-cggw-334c-f4mj/GHSA-cggw-334c-f4mj.json
index c8ae8c528a8d8..8f3c82aa60ba5 100644
--- a/advisories/unreviewed/2026/01/GHSA-cggw-334c-f4mj/GHSA-cggw-334c-f4mj.json
+++ b/advisories/unreviewed/2026/01/GHSA-cggw-334c-f4mj/GHSA-cggw-334c-f4mj.json
@@ -1,24 +1,46 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cggw-334c-f4mj",
-  "modified": "2026-01-23T06:31:24Z",
+  "modified": "2026-01-23T06:31:33Z",
   "published": "2026-01-23T06:31:24Z",
   "aliases": [
     "CVE-2026-0766"
   ],
-  "details": "Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the load_tool_module_by_id function. The issue results from the lack of proper validation of a user-supplied string before using it to execute Python code. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28257.",
+  "summary": "[DISPUTED BY VENDOR] Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability",
+  "details": "> **DISPUTED BY VENDOR (Open WebUI maintainers).** This advisory does not describe a vulnerability. `load_tool_module_by_id` calls `exec()` on user-authored Tool source, which is the documented purpose of the Tools feature (equivalent to Jupyter notebooks, n8n Code nodes, Home Assistant python_script), reachable only by administrators or users explicitly granted the `workspace.tools` permission (disabled by default; documented as equivalent to shell access). Out of scope per the Open WebUI security policy (Rules 1, 9, 10). The corresponding report was filed via the project's GHSA channel (GHSA-7r58-pxmj-gxxc) and closed as out-of-scope; the CVE was published by ZDI in disregard of that vendor disposition. A formal REJECT request is pending with MITRE. See: https://docs.openwebui.com/security/vendor-dispositions/cve-2026-0766/\n\n---\n\nOpen WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. 
Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the load_tool_module_by_id function. The issue results from the lack of proper validation of a user-supplied string before using it to execute Python code. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28257.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": ""
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0766"
     },
+    {
+      "type": "WEB",
+      "url": "https://docs.openwebui.com/security/vendor-dispositions/cve-2026-0766"
+    },
     {
       "type": "WEB",
       "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-032"
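Review bot: The new `affected` entry sets `"ecosystem": "PyPI"` with `"name": ""`, so the advisory still names no package; OSV consumers match on `package.name`, and an empty string either fails schema validation or never matches an installed distribution, leaving this entry no more useful than the `[]` it replaces. Fill in the distribution name as published on PyPI (presumably `open-webui`, but confirm against the project's package metadata) or drop the entry rather than shipping an empty name. With only an `"introduced": "0"` event and no `fixed` or `last_affected`, every version is flagged as affected; that may be intentional given the vendor dispute recorded in `details`, but the commit message should say so. The vendor-disposition URL added to `references` omits the trailing slash that the same link carries inside `details`; use one form in both places so they resolve identically.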