GET /api/v1/memories/ef is accessible without authentication and executes request.app.state.EMBEDDING_FUNCTION(...). This allows any unauthenticated caller to trigger embedding generation which can lead to direct cost exposure if a paid provider is used.
Code reference: backend/open_webui/routers/memories.py (@router.get("/ef") -> calls request.app.state.EMBEDDING_FUNCTION("hello world")).
GET /api/v1/memories/ef is reachable without authentication and triggers request.app.state.EMBEDDING_FUNCTION("hello world"). This crosses an intended security boundary by allowing unauthenticated users to invoke potentially expensive embedding computation and/or paid upstream embedding APIs.
How it can be abused / attacker actions:
/api/v1/memories/ef to:If embeddings are configured to use paid/remote providers (OpenAI/Azure/etc), an attacker can generate unlimited requests and incur charges.
Fixed in commit e5035ea31, first released in v0.8.0 (Feb 2026). The /api/v1/memories/ef route was removed entirely. It was a diagnostic/debug-style endpoint that hard-coded "hello world" through the embedding function without any authentication dependency; there was no legitimate caller that depended on it, so deletion was the cleaner fix than retrofitting auth. Users on >= 0.8.0 are not affected.
| Score | Percentile |
|---|---|
| 0.05% | 16.27% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 6.5 | 3.1 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-m69w-p7m4-585j ↗ |
| CVE | CVE-2026-45667 ↗ |
| CWE id | Name |
|---|---|
| CWE-862 | Missing Authorization |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| pip | open-webui | <= 0.7.2 | 0.8.0 | — |