The advisory centers around a significant vulnerability within the Qwen 3.5 model specifically when used with OpenWebUI and web search capabilities enabled. The issue arises from how the system prompt is constructed, which can lead to unintended information leakage or manipulation of the search process by malicious actors. This flaw could potentially allow attackers to influence the output of searches or even execute command injections if not properly mitigated. This has serious security implications for both homelab and production environments where Qwen 3.5 is deployed with web searching enabled, as it undermines the integrity and confidentiality of information retrieval processes.
- Qwen 3.5 Model
- OpenWebUI
- Update to the latest version of Qwen and OpenWebUI if available, or pin your configuration to a secure version.
- Modify system prompt to include strict validation checks on input parameters using `tool.validator.add('search_input', validateSearchInput);` where `validateSearchInput()` is a custom function that sanitizes inputs before they are processed by the web search tool.
- Enable logging and monitoring of search queries for any suspicious activity, configuring `logging.basicConfig(level=logging.INFO)` to track all web search interactions within your environment.
This vulnerability directly impacts homelab setups running Qwen 3.5 with OpenWebUI configured for web searches. Specific software versions include the latest iteration of Qwen and any branch of OpenWebUI where native tool use is enabled via `/config/settings.json`. Users relying on this setup for information retrieval should take immediate steps to mitigate risks, as it could expose sensitive data or allow unauthorized command executions.