Executive Summary

CVE-2026-34222 is a Broken Access Control vulnerability in the Open WebUI platform affecting versions prior to 0.8.11. The issue occurs in the Tool Valves API endpoint, which does not properly restrict read access to sensitive configuration data such as API keys.

Low-privileged users with a "Member" role can exploit this vulnerability by guessing predictable tool IDs and sending requests to the endpoint `/api/v1/tools/id/{id}/valves` to retrieve sensitive valve data without having administrative permissions.

This happens because the endpoint lacks proper authorization checks, allowing unauthorized disclosure of API keys and other sensitive configuration information.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can lead to the disclosure of sensitive configuration data, including API keys for third-party systems integrated with Open WebUI.

An attacker with low privileges can gain unauthorized access to backend services by using the exposed API keys, potentially compromising the security of connected systems.

This can result in unauthorized actions performed within the context of the Open WebUI technical user, increasing the risk of data breaches or misuse of integrated services.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by attempting to access the Tool Valves API endpoint without proper administrative privileges. Specifically, a user with at least "Member" role can try to send a GET request to the endpoint `/api/v1/tools/id/<tool_id>/valves` using their authorization token.

Since tool IDs are predictable, an attacker or tester can guess these IDs and check if sensitive valve data, including API keys, can be retrieved without proper authorization.

A suggested command to test this would be using curl as follows:

• curl -H "Authorization: Bearer <member_user_token>" https://<open_webui_host>/api/v1/tools/id/<tool_id>/valves

If the response contains sensitive valve data or API keys, the system is vulnerable.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade Open WebUI to version 0.8.11 or later, where the vulnerability has been patched by enforcing proper authorization checks on the Tool Valves endpoint.

This update restricts access to the Tool Valves API endpoint to administrators only, preventing low-privileged users from retrieving sensitive API keys.

Until the upgrade can be applied, consider restricting network access to the Open WebUI API endpoints to trusted administrators and monitoring API requests to detect unauthorized access attempts.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability in Open WebUI prior to version 0.8.11 allows low-privileged users to access sensitive configuration data, including API keys for third-party systems, due to broken access control. This unauthorized disclosure of sensitive data could potentially lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require strict controls over access to sensitive information and protection against unauthorized disclosure.

Since the vulnerability enables disclosure of confidential API keys and potentially unauthorized access to backend services, organizations using affected versions of Open WebUI might face increased risk of data breaches or unauthorized data processing, which are critical concerns under these regulations.

The issue was fixed in version 0.8.11 by enforcing proper authorization checks, which helps restore compliance by restricting access to sensitive tool valve data to administrators only.

Useful 0 Not Useful 0