SB2026042441 - Multiple vulnerabilities in Open WebUI
Published: April 24, 2026
Description
This security bulletin contains information about 4 vulnerabilities.
1) Improper access control (CVE-ID: CVE-2026-29070)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to delete arbitrary files.
The vulnerability exists due to improper access control in the knowledge file deletion endpoint when handling file removal requests. A remote user can send a specially crafted request with a file id from another knowledge base to delete arbitrary files.
The issue occurs because the application verifies write access to the current knowledge base but does not verify that the targeted file belongs to that knowledge base.
2) Authorization bypass through user-controlled key (CVE-ID: CVE-2026-28788)
CWE-ID: CWE-639 - Authorization Bypass Through User-Controlled Key
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to overwrite arbitrary files and poison retrieval-augmented generation content.
The vulnerability exists due to improper access control in the process_files_batch() endpoint in backend/open_webui/routers/retrieval.py when handling crafted POST requests to /api/v1/retrieval/process/files/batch. A remote user can submit a file UUID and attacker-controlled content to overwrite arbitrary files and poison retrieval-augmented generation content.
Exploitation requires a valid account and knowledge of a target file UUID, which can be obtained from knowledge bases the user can read.
3) Authorization bypass through user-controlled key (CVE-ID: CVE-2026-29071)
CWE-ID: CWE-639 - Authorization Bypass Through User-Controlled Key
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to improper access control in query_collection_handler in backend/open_webui/routers/retrieval.py when handling requests to /api/v1/retrieval/query/collection with user-controlled collection names. A remote user can send a specially crafted request referencing another user's collection to disclose sensitive information.
The memory exposure applies only when the Memory experimental feature is enabled.
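Items 1 to 3 share one root cause: the endpoint checks the caller's rights on the scope it names (a knowledge base or collection) but never checks that the referenced object id actually belongs to that scope. The following is an added illustration of that gap and of the missing membership check, not Open WebUI's code; the in-memory data model, has_write_access() and both function names are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class KnowledgeBase:
    id: str
    owner: str
    file_ids: set = field(default_factory=set)


def sample_store():
    """Constructed sample data: two users, each owning one knowledge base
    that holds one file. Returned fresh on every call so runs are independent."""
    kbs = {
        "kb-alice": KnowledgeBase("kb-alice", "alice", {"file-a1"}),
        "kb-bob": KnowledgeBase("kb-bob", "bob", {"file-b1"}),
    }
    files = {"file-a1": "alice's notes", "file-b1": "bob's notes"}
    return kbs, files


def has_write_access(user: str, kb: KnowledgeBase) -> bool:
    # Hypothetical scope-level check: only the owner may modify a knowledge base.
    return kb.owner == user


def remove_file_vulnerable(user, kb_id, file_id, kbs, files):
    """Verifies write access to the named knowledge base only. A file id
    taken from another knowledge base still reaches the delete."""
    kb = kbs[kb_id]
    if not has_write_access(user, kb):
        return False
    kb.file_ids.discard(file_id)
    files.pop(file_id, None)  # deletes regardless of which base owns the file
    return True


def remove_file_fixed(user, kb_id, file_id, kbs, files):
    """Same scope check, plus the object-level check: the file must be a
    member of the knowledge base the caller is authorised to write."""
    kb = kbs[kb_id]
    if not has_write_access(user, kb):
        return False
    if file_id not in kb.file_ids:  # the membership check that was missing
        return False
    kb.file_ids.discard(file_id)
    files.pop(file_id, None)
    return True
```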
4) Path traversal (CVE-ID: CVE-2026-28786)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to path traversal in POST /api/v1/audio/transcriptions when processing a crafted multipart filename. A remote user can send a specially crafted request to disclose sensitive information.
The issue leaks the server's absolute DATA_DIR path in the HTTP 400 response body, and the route is accessible to verified non-admin users.
Remediation
Install the update from the vendor's website.
References
- https://github.com/open-webui/open-webui/security/advisories/GHSA-26gm-93rw-cchf
- https://github.com/open-webui/open-webui/security/advisories/GHSA-jjp7-g2jw-wh3j
- https://github.com/open-webui/open-webui/security/advisories/GHSA-w9f8-gxf9-rhvw
- https://github.com/open-webui/open-webui/security/advisories/GHSA-vvxm-vxmr-624h