github · Classic298 · Jun 12, 2026
diff --git a/advisories/unreviewed/2026/01/GHSA-cggw-334c-f4mj/GHSA-cggw-334c-f4mj.json b/advisories/unreviewed/2026/01/GHSA-cggw-334c-f4mj/GHSA-cggw-334c-f4mj.json
@@ -1,24 +1,46 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cggw-334c-f4mj",
-  "modified": "2026-01-23T06:31:24Z",
+  "modified": "2026-01-23T06:31:33Z",
   "published": "2026-01-23T06:31:24Z",
   "aliases": [
     "CVE-2026-0766"
   ],
-  "details": "Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the load_tool_module_by_id function. The issue results from the lack of proper validation of a user-supplied string before using it to execute Python code. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28257.",
+  "summary": "[DISPUTED BY VENDOR] Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability",
+  "details": "> **DISPUTED BY VENDOR (Open WebUI maintainers).** This advisory does not describe a vulnerability. `load_tool_module_by_id` calls `exec()` on user-authored Tool source, which is the documented purpose of the Tools feature (equivalent to Jupyter notebooks, n8n Code nodes, Home Assistant python_script), reachable only by administrators or users explicitly granted the `workspace.tools` permission (disabled by default; documented as equivalent to shell access). Out of scope per the Open WebUI security policy (Rules 1, 9, 10). The corresponding report was filed via the project's GHSA channel (GHSA-7r58-pxmj-gxxc) and closed as out-of-scope; the CVE was published by ZDI in disregard of that vendor disposition. A formal REJECT request is pending with MITRE. See: https://docs.openwebui.com/security/vendor-dispositions/cve-2026-0766/\n\n---\n\nOpen WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the load_tool_module_by_id function. The issue results from the lack of proper validation of a user-supplied string before using it to execute Python code. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28257.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": ""
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0766"
     },
+    {
+      "type": "WEB",
+      "url": "https://docs.openwebui.com/security/vendor-dispositions/cve-2026-0766"
+    },
     {
       "type": "WEB",
       "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-032"