GHSA-m69w-p7m4-585j · Medium · CVSS 6.5
Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS)
🔗 CVE IDs covered (1)
📋 Description
### Summary
GET `/api/v1/memories/ef` is accessible without authentication and executes `request.app.state.EMBEDDING_FUNCTION(...)`. This allows any unauthenticated caller to trigger embedding generation which can lead to direct cost exposure if a paid provider is used.
Code reference: `backend/open_webui/routers/memories.py`, the `@router.get("/ef")` handler, which calls `request.app.state.EMBEDDING_FUNCTION("hello world")`.
### Details
GET `/api/v1/memories/ef` is reachable without authentication and triggers `request.app.state.EMBEDDING_FUNCTION("hello world")`. This crosses an intended security boundary by allowing unauthenticated users to invoke potentially expensive embedding computation and/or paid upstream embedding APIs.
### PoC
1. Start Open WebUI in default configuration (no special env hardening; default `ENABLE_MEMORIES` is true).
2. From an unauthenticated client (no cookies/Authorization header), call:
   ```
   curl -i http://<host>:<port>/api/v1/memories/ef
   ```
3. Observe that the server performs embedding generation and returns a response like:
   - HTTP 200 with JSON containing the result.

How it can be abused / attacker actions:
- Send repeated requests to `/api/v1/memories/ef` to:
  - consume CPU/GPU resources (DoS)
  - generate sustained outbound usage to embedding providers if configured (cost + rate-limit exhaustion)
  - degrade latency/availability for legitimate users
### Impact
If embeddings are configured to use paid/remote providers (OpenAI, Azure, etc.), an attacker can generate an unlimited number of requests and incur charges for the operator.
## Resolution
Fixed in commit [e5035ea31](https://github.com/open-webui/open-webui/commit/e5035ea31e179977e805a7032c979ff59a71860a), first released in **v0.8.0** (Feb 2026). The `/api/v1/memories/ef` route was removed entirely. It was a diagnostic/debug-style endpoint that hard-coded `"hello world"` through the embedding function without any authentication dependency; there was no legitimate caller that depended on it, so deletion was the cleaner fix than retrofitting auth. Users on `>= 0.8.0` are not affected.
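Operators who cannot upgrade immediately still have a clear detection signal: the removed route had no legitimate caller, so any hit on it is worth alerting on, and bursts from one source are the cost/DoS pattern described above. The following is an added example (not Open WebUI code, and not part of the advisory) that parses constructed nginx "combined"-format access log lines, counts hits on the endpoint per source, flags sources exceeding a rate threshold inside a sliding window, and checks whether an installed version is in the affected range; the log lines, IPs and thresholds are assumptions made up for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime

ENDPOINT = "/api/v1/memories/ef"       # route removed in v0.8.0
FIXED_IN = (0, 8, 0)                   # first fixed release per the advisory
# nginx "combined" format; only the fields needed here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log: six hits from one source within 25 s, one hit from
# another source, one unrelated request, and one unparseable line.
_LINE = ('{ip} - - [12/Mar/2026:10:00:{sec:02d} +0000] '
         '"GET {path} HTTP/1.1" 200 512 "-" "curl/8.5.0"')
SAMPLE_LOG = [
    _LINE.format(ip="203.0.113.7", sec=s, path=ENDPOINT) for s in range(0, 30, 5)
] + [
    _LINE.format(ip="198.51.100.4", sec=40, path=ENDPOINT),
    _LINE.format(ip="198.51.100.4", sec=41, path="/api/v1/chats/"),
    "garbage line that does not parse",
]

def parse_line(line):
    """Return a dict for a combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "method": m["method"], "path": m["path"].split("?", 1)[0],
            "status": int(m["status"])}

def find_ef_hits(lines):
    """Timestamps of GET hits on ENDPOINT, grouped by source IP (sorted)."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "GET" and rec["path"] == ENDPOINT:
            per_ip[rec["ip"]].append(rec["ts"])
    return {ip: sorted(ts) for ip, ts in per_ip.items()}

def find_ef_bursts(lines, window_s=60, threshold=5):
    """{ip: total hits} for sources with > threshold hits in any window_s span."""
    flagged = {}
    for ip, stamps in find_ef_hits(lines).items():
        start = 0
        for end in range(len(stamps)):
            while (stamps[end] - stamps[start]).total_seconds() > window_s:
                start += 1                       # slide the window forward
            if end - start + 1 > threshold:
                flagged[ip] = len(stamps)
                break
    return flagged

def is_affected(version):
    """True for Open WebUI releases below the fixed version (<= 0.7.2)."""
    parts = tuple(int(p) for p in version.lstrip("v").split(".")[:3])
    return parts < FIXED_IN
```

In production, feed the real access log through `find_ef_bursts` and treat any non-empty result, or indeed any hit at all, as a trigger to upgrade or to block the path at the reverse proxy.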
🎯 Affected products (1)
- pip/open-webui: <= 0.7.2
🔗 References (5)
- https://github.com/open-webui/open-webui/security/advisories/GHSA-m69w-p7m4-585j
- https://github.com/open-webui/open-webui/commit/e5035ea31e179977e805a7032c979ff59a71860a
- https://github.com/open-webui/open-webui/releases/tag/v0.8.0
- https://nvd.nist.gov/vuln/detail/CVE-2026-45667
- https://github.com/advisories/GHSA-m69w-p7m4-585j