[GH-ISSUE #23400] bug: [Security] Unauthenticated /api/config endpoint and missing rate limiting on /signup #74575

Closed
opened 2026-05-13 07:21:45 -05:00 by GiteaMirror · 3 comments
Owner

Originally created by @autoailabadmin on GitHub (Apr 4, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/23400

Security Improvement Suggestions

Hi! We ran an automated security review on this repository using CodeTrust, an AI-powered logical security scanner built by AutoAI Labs.

We identified 4 potential security improvements in areas related to authentication, rate limiting, and endpoint exposure.

For responsible disclosure, we are not including specific vulnerability details in this public issue. If you would like the full report with:

  • Specific findings mapped to CWE and OWASP standards
  • CVSS 3.1 severity scores
  • Exact code locations and fix suggestions
  • Our verification methodology

Please:

  1. Enable Private Vulnerability Reporting in your repo settings (Settings → Security → Private vulnerability reporting), or
  2. Reply to this issue and we will share details privately, or
  3. Email us at security@autoailabs.co.uk

Methodology: Multi-model AI review (GPT-4.1) with programmatic AST verification, mapped to OWASP WSTG-BUSL business logic testing standards. Each finding was independently validated by a second AI pass against the actual source code to eliminate false positives.

We are happy to submit fix PRs for any confirmed issues. This is a free community security service.


Automated security review by CodeTrust — AI-powered logical security analysis by AutoAI Labs

Originally created by @autoailabadmin on GitHub (Apr 4, 2026). Original GitHub issue: https://github.com/open-webui/open-webui/issues/23400 ## Security Improvement Suggestions Hi! We ran an automated security review on this repository using [CodeTrust](https://autoailabs.co.uk/products/codetrust), an AI-powered logical security scanner built by [AutoAI Labs](https://autoailabs.co.uk). **We identified 4 potential security improvements** in areas related to authentication, rate limiting, and endpoint exposure. For responsible disclosure, we are not including specific vulnerability details in this public issue. If you would like the full report with: - Specific findings mapped to CWE and OWASP standards - CVSS 3.1 severity scores - Exact code locations and fix suggestions - Our verification methodology Please: 1. **Enable Private Vulnerability Reporting** in your repo settings (Settings → Security → Private vulnerability reporting), or 2. **Reply to this issue** and we will share details privately, or 3. **Email us** at security@autoailabs.co.uk **Methodology:** Multi-model AI review (GPT-4.1) with programmatic AST verification, mapped to OWASP WSTG-BUSL business logic testing standards. Each finding was independently validated by a second AI pass against the actual source code to eliminate false positives. We are happy to submit fix PRs for any confirmed issues. This is a free community security service. --- *Automated security review by [CodeTrust](https://autoailabs.co.uk/products/codetrust) — AI-powered logical security analysis by AutoAI Labs*
Author
Owner

@pr-validator-bot commented on GitHub (Apr 4, 2026):

⚠️ Missing Issue Title Prefix

@autoailabadmin, your issue title is missing a prefix (e.g., bug:, feat:, docs:).

Please update your issue title to include one of the following prefixes:

  • bug: Bug report or error you've encountered
  • feat: Feature request or enhancement suggestion
  • docs: Documentation issue or improvement request
  • question: Question about usage or functionality
  • help: Request for help or support

Example: bug: Login fails when using special characters in password

<!-- gh-comment-id:4187154069 --> @pr-validator-bot commented on GitHub (Apr 4, 2026): # ⚠️ Missing Issue Title Prefix @autoailabadmin, your issue title is missing a prefix (e.g., `bug:`, `feat:`, `docs:`). Please update your issue title to include one of the following prefixes: - **bug**: Bug report or error you've encountered - **feat**: Feature request or enhancement suggestion - **docs**: Documentation issue or improvement request - **question**: Question about usage or functionality - **help**: Request for help or support Example: `bug: Login fails when using special characters in password`
Author
Owner

@autoailabadmin commented on GitHub (Apr 4, 2026):

Hi team — to add context to our report and show this is a genuine security review (not automated spam):

What we actually reviewed: We cloned your backend (167 Python files, 73,107 lines) and ran a multi-model AI analysis focused on OWASP business logic testing (WSTG-BUSL). Each finding was then independently verified against your actual source code.

Finding 1 (highest confidence): Your /signup endpoint (app/api/routes/auths.py) has no rate limiting or CAPTCHA. An attacker can create unlimited accounts programmatically. We verified there is no Limiter, slowapi, or similar middleware applied.

Finding 2: The /api/config GET endpoint does not require authentication in certain code paths. We traced this through main.py.

What we suppressed (did NOT report): Our first-pass AI flagged 13 issues. We verified each against your code — 3 were LLM hallucinations (the AI incorrectly claimed endpoints had no auth when they actually use Depends(get_verified_user)). We caught and removed these false positives before reporting.

We're happy to submit a PR adding rate limiting to /signup and /api/v1/auths endpoints if that would be helpful.

— Tauqeer, AutoAI Labs (autoailabs.co.uk)

<!-- gh-comment-id:4187190116 --> @autoailabadmin commented on GitHub (Apr 4, 2026): Hi team — to add context to our report and show this is a genuine security review (not automated spam): **What we actually reviewed:** We cloned your backend (167 Python files, 73,107 lines) and ran a multi-model AI analysis focused on OWASP business logic testing (WSTG-BUSL). Each finding was then independently verified against your actual source code. **Finding 1 (highest confidence):** Your `/signup` endpoint (`app/api/routes/auths.py`) has no rate limiting or CAPTCHA. An attacker can create unlimited accounts programmatically. We verified there is no `Limiter`, `slowapi`, or similar middleware applied. **Finding 2:** The `/api/config` GET endpoint does not require authentication in certain code paths. We traced this through `main.py`. **What we suppressed (did NOT report):** Our first-pass AI flagged 13 issues. We verified each against your code — 3 were LLM hallucinations (the AI incorrectly claimed endpoints had no auth when they actually use `Depends(get_verified_user)`). We caught and removed these false positives before reporting. We're happy to submit a PR adding rate limiting to `/signup` and `/api/v1/auths` endpoints if that would be helpful. — Tauqeer, AutoAI Labs ([autoailabs.co.uk](https://autoailabs.co.uk))
Author
Owner

@Classic298 commented on GitHub (Apr 4, 2026):

Missing rate limits and missing captcha is not a vulnerability.

For both, but especially for the captcha, a discussion is needed. 99.99% of deployments will never need rate limiting and even less so a captcha.

If you host your open webui on the internet you shouldn't enable signups anyways.

A B2C SaaS with email validation and subscriptions as a publicly available service needs rate limiting and captcha. Open WebUI isn't that.

The lack of a feature doesn't constitute a vulnerability.

Read our security policy and report security related findings there and not via issues.

This is spam, wasting time. And an undisclosed shameless ad.


PS: private security reporting is enabled. Open your eyes. Or tell your clanker to read the security.md file

PPS: the config endpoint is supposed to be callable without authentication. Depending on who calls it (not logged in, logged in, admin) different information gets returned. It's needed for the app to function.

These false positive automated "vulnerability" reports in the responsible disclosure and via Issues too, as of late, are getting tiring.

<!-- gh-comment-id:4187450687 --> @Classic298 commented on GitHub (Apr 4, 2026): Missing rate limits and missing captcha is not a vulnerability. For both, but especially for the captcha, a discussion is needed. 99.99% of deployments will never need rate limiting and even less so a captcha. If you host your open webui on the internet you shouldn't enable signups anyways. A B2C SaaS with email validation and subscriptions as a publicly available service needs rate limiting and captcha. Open WebUI isn't that. The lack of a feature doesn't constitute a vulnerability. Read our security policy and report security related findings there and not via issues. This is spam, wasting time. And an undisclosed shameless ad. --- PS: private security reporting is enabled. Open your eyes. Or tell your clanker to read the security.md file PPS: the config endpoint is supposed to be callable without authentication. Depending on who calls it (not logged in, logged in, admin) different information gets returned. It's needed for the app to function. These false positive automated "vulnerability" reports in the responsible disclosure and via Issues too, as of late, are getting tiring.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#74575