Open WebUI Background Task Authorization Vulnerability Allowing Disruption of User Tasks

Vulnerability

A broken object-level authorization (BOLA) vulnerability has been identified in Open WebUI versions prior to 0.9.0. It allows any authenticated user, including one with low privileges, to enumerate the active background tasks of every other user and to terminate them. The root cause is that the affected task endpoints only check that the caller is authenticated; they never verify that the caller owns the task being listed or stopped. Because chat responses are generated as background tasks, a low-privileged user can cancel other users' in-flight generations and shared background processes at will. In multi-user deployments this affects the availability and integrity of the platform.

Impact

Exploitation of this vulnerability results in cross-user task ID disclosure and the unauthorized cancellation of those tasks, interrupting ongoing chat responses and shared background processes. Repeating the enumerate-and-stop cycle produces a practical denial-of-service condition for chat functionality across the deployment, hitting every user with an active task.

Reproduction

To reproduce this vulnerability, log in as a low-privileged authenticated user in a multi-user Open WebUI deployment. Call the 'GET /api/tasks' endpoint to enumerate all active tasks; the response includes tasks belonging to other users. Select a task ID that does not belong to the current user and call 'POST /api/tasks/stop/{task_id}' with it; the task is cancelled even though the caller does not own it. Repeating these two steps disrupts any number of other users' tasks.
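The following is an added, self-contained model of the missing ownership check described in the Vulnerability and Reproduction sections above. It is not Open WebUI's code: the in-memory registry, the role names ("user" and "admin"), the function names and the sample task IDs are all assumptions made for illustration. The "vulnerable" functions reproduce the behaviour the advisory describes (list everything, stop anything that exists); the "fixed" functions show the object-level check a practitioner would expect at both endpoints.

```python
# Added illustration for this advisory: a minimal model of the task-listing and
# task-stop authorization logic. NOT Open WebUI's code; registry shape, role
# names, function names and sample data are assumptions.

class NotFound(Exception):
    """Stands in for an HTTP 404 response."""


class TaskRegistry:
    """In-memory stand-in for the server's table of running background tasks."""

    def __init__(self):
        self._owner = {}        # task_id -> owner user id (assumed shape)
        self._cancelled = set()

    def start(self, task_id, owner_id):
        self._owner[task_id] = owner_id

    def owner_of(self, task_id):
        return self._owner.get(task_id)

    def all_ids(self):
        return sorted(self._owner)

    def cancel(self, task_id):
        self._cancelled.add(task_id)

    def is_cancelled(self, task_id):
        return task_id in self._cancelled


# --- Vulnerable shape: the behaviour the advisory describes -----------------

def list_tasks_vulnerable(reg, user_id, role):
    # Returns every task id regardless of owner: cross-user ID disclosure.
    return reg.all_ids()


def stop_task_vulnerable(reg, user_id, role, task_id):
    # Checks only that the id exists, never who owns it, so any authenticated
    # caller can cancel any task whose id they learned from the listing.
    if reg.owner_of(task_id) is None:
        raise NotFound(task_id)
    reg.cancel(task_id)
    return True


# --- Hardened shape: object-level authorization at both endpoints ------------

def list_tasks_fixed(reg, user_id, role):
    # Scope the listing to the caller; admins may still see everything.
    if role == "admin":
        return reg.all_ids()
    return [t for t in reg.all_ids() if reg.owner_of(t) == user_id]


def stop_task_fixed(reg, user_id, role, task_id):
    # The caller must own the task or be an admin. Answering 404 rather than
    # 403 for someone else's task avoids confirming that a leaked id exists.
    owner = reg.owner_of(task_id)
    if owner is None or (owner != user_id and role != "admin"):
        raise NotFound(task_id)
    reg.cancel(task_id)
    return True


def demo():
    """Replays the advisory's scenario against both shapes; returns a summary."""
    # Constructed sample data: one task each for two ordinary users.
    reg = TaskRegistry()
    reg.start("task-alice-1", "alice")
    reg.start("task-bob-1", "bob")

    # Vulnerable: bob enumerates alice's task and cancels it.
    seen = list_tasks_vulnerable(reg, "bob", "user")
    stop_task_vulnerable(reg, "bob", "user", "task-alice-1")
    vuln_result = (seen, reg.is_cancelled("task-alice-1"))

    # Fixed: bob sees only his own task and cannot stop alice's.
    reg2 = TaskRegistry()
    reg2.start("task-alice-1", "alice")
    reg2.start("task-bob-1", "bob")
    seen2 = list_tasks_fixed(reg2, "bob", "user")
    try:
        stop_task_fixed(reg2, "bob", "user", "task-alice-1")
        blocked = False
    except NotFound:
        blocked = True
    # bob can still stop his own task, and an admin can stop anyone's.
    stop_task_fixed(reg2, "bob", "user", "task-bob-1")
    stop_task_fixed(reg2, "admin", "admin", "task-alice-1")
    fixed_result = (seen2, blocked,
                    reg2.is_cancelled("task-bob-1"),
                    reg2.is_cancelled("task-alice-1"))
    return vuln_result, fixed_result


if __name__ == "__main__":
    print(demo())
```

The check belongs on both endpoints: filtering the listing closes the enumeration step, and the ownership test on stop closes the cancellation step even for a caller who guesses or is told a task ID out of band.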

Remediation

Update to Open WebUI version 0.9.0 or later, where the affected endpoints verify task ownership. Update instructions are available in the Open WebUI repository. Until the update is applied, restrict the deployment to trusted users, since the only precondition for exploitation is an authenticated account.

Added: May 15, 2026, 8:44 PM
Updated: May 15, 2026, 8:44 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 4.2
remediation: 7.7
relevance: 8.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.