CVE-2026-45398
7.5 HIGHOpen WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline
Published: 2026-05-15 · Last updated: 2026-05-19
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-639
Affected products
| Vendor | Product |
|---|---|
| openwebui | open_webui |
Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, _validate_collection_access() checks the user-memory-* and file-* collection name prefixes but does not check knowledge base collections, which use raw UUIDs as collection names. Any authenticated user who knows a private knowledge base UUID can read its content through the retrieval query endpoints, even though the knowledge API correctly denies that user access. The same gap affects the retrieval write endpoints (/process/text, /process/file, /process/files/batch, /process/web, /process/youtube), allowing an attacker to inject content into or overwrite another user's knowledge base. This vulnerability is fixed in 0.9.5.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-45398
- [Patch]https://github.com/open-webui/open-webui/pull/22109
- [Other]https://github.com/open-webui/open-webui/releases/tag/v0.9.5
- [Vendor advisory]https://github.com/open-webui/open-webui/security/advisories/GHSA-4g37-7p2c-38r9
- [Vendor advisory]https://github.com/open-webui/open-webui/security/advisories/GHSA-4g37-7p2c-38r9
Related CVEs
Same vendor
- CVE-2026-45667 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (6.5 MEDIUM)
- CVE-2026-45666 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (6.5 MEDIUM)
- CVE-2026-45665 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (8.1 HIGH)
- CVE-2026-45365 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (5.4 MEDIUM)
- CVE-2026-45351 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline (6.5 MEDIUM)
Same CWE
- CVE-2026-53863 — OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs (7.1 HIGH)
- CVE-2026-10780 — The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2 (4.3 MEDIUM)
- CVE-2026-48599 — Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify res...
- CVE-2026-52699 — Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions (7.5 HIGH)
- CVE-2026-48872 — Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2 versions (7.5 HIGH)