Authorization bypass through user-controlled key in Open WebUI - CVE-2026-54010
Published: June 30, 2026
Open WebUI
Detailed vulnerability description
The vulnerability allows a remote user to read arbitrary files belonging to other users.
The vulnerability exists due to an authorization bypass through a user-controlled key in chat-file association handling. A file_id attached to a chat message is not validated against the attaching user's access to that file, and the shared chat file content endpoint grants a file read to any requester who can reach a chat that references the file_id. A remote user can therefore attach a victim's file_id to an attacker-controlled chat and then request the shared chat file content endpoint to read files belonging to other users.
Exploitation requires the attacker to know a victim's file_id. The bypass works because the endpoint uses shared chat access, rather than the file's ownership, to satisfy file authorization.
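As an added illustration, not Open WebUI's own code, the following constructed model shows the weak authorization pattern the advisory describes beside a hardened one. The names (File, Chat, Store, attach_file_*, can_read_file_*), the users and the file_ids are all hypothetical. The weak variant accepts any file_id at attach time and lets any viewable chat satisfy the file read; the hardened variant checks the attacher's own access at attach time and, independently, only lets a chat grant what its owner already holds, so the read check stays correct even if the association is created by some other path.

```python
# Constructed model (not Open WebUI code) of the chat-file authorization
# pattern described in the advisory. All names and data are hypothetical.
from dataclasses import dataclass, field


@dataclass
class File:
    id: str
    owner: str
    content: bytes


@dataclass
class Chat:
    id: str
    owner: str
    shared: bool = False
    file_ids: set = field(default_factory=set)


@dataclass
class Store:
    files: dict = field(default_factory=dict)
    chats: dict = field(default_factory=dict)


def can_view_chat(chat: Chat, user: str) -> bool:
    """A chat is viewable by its owner or, when shared, by anyone."""
    return chat.owner == user or chat.shared


# --- weak pattern: the attached file_id is a user-controlled key ---

def attach_file_weak(store: Store, chat_id: str, user: str, file_id: str) -> None:
    chat = store.chats[chat_id]
    if chat.owner != user:
        raise PermissionError("not the chat owner")
    chat.file_ids.add(file_id)  # never checks that `user` may access file_id


def can_read_file_weak(store: Store, user: str, file_id: str) -> bool:
    """Any viewable chat that references file_id satisfies the file read."""
    f = store.files.get(file_id)
    if f is None:
        return False
    if f.owner == user:
        return True
    return any(file_id in c.file_ids and can_view_chat(c, user)
               for c in store.chats.values())


# --- hardened pattern: bind the association to the attacher's own authority ---

def attach_file_fixed(store: Store, chat_id: str, user: str, file_id: str) -> None:
    chat = store.chats[chat_id]
    if chat.owner != user:
        raise PermissionError("not the chat owner")
    f = store.files.get(file_id)
    if f is None or f.owner != user:
        # Same error for missing and foreign files: no oracle on file_id existence.
        raise PermissionError("file is not accessible to the attaching user")
    chat.file_ids.add(file_id)


def can_read_file_fixed(store: Store, user: str, file_id: str) -> bool:
    """A chat can only grant a file its own owner holds (c.owner == f.owner),
    so a foreign file_id planted in an attacker's chat grants nothing."""
    f = store.files.get(file_id)
    if f is None:
        return False
    if f.owner == user:
        return True
    return any(file_id in c.file_ids and can_view_chat(c, user) and c.owner == f.owner
               for c in store.chats.values())


def run_scenario(attach, can_read) -> dict:
    """Constructed data: victim owns a private file and a file in a shared chat;
    the attacker owns a shared chat and knows the victim's secret file_id."""
    store = Store()
    store.files["f-secret"] = File("f-secret", "victim", b"victim secret")
    store.files["f-public"] = File("f-public", "victim", b"victim shared doc")
    store.chats["c-vic-private"] = Chat("c-vic-private", "victim")
    store.chats["c-vic-shared"] = Chat("c-vic-shared", "victim", shared=True)
    store.chats["c-att"] = Chat("c-att", "attacker", shared=True)
    attach(store, "c-vic-private", "victim", "f-secret")
    attach(store, "c-vic-shared", "victim", "f-public")
    try:
        attach(store, "c-att", "attacker", "f-secret")  # the attack step
        attach_rejected = False
    except PermissionError:
        attach_rejected = True
    # Plant the association regardless, to test the read check on its own.
    store.chats["c-att"].file_ids.add("f-secret")
    return {
        "attach_rejected": attach_rejected,
        "attacker_reads_secret": can_read(store, "attacker", "f-secret"),
        "other_reads_public": can_read(store, "other", "f-public"),
        "victim_reads_secret": can_read(store, "victim", "f-secret"),
    }


def demo() -> dict:
    return {"weak": run_scenario(attach_file_weak, can_read_file_weak),
            "fixed": run_scenario(attach_file_fixed, can_read_file_fixed)}


if __name__ == "__main__":
    print(demo())
```

Running demo() shows the weak variant letting the attacker read f-secret through their own shared chat, while the fixed variant rejects the attach and still denies the read even after the association is planted directly; legitimate sharing (a third party reading f-public via the victim's shared chat) keeps working in both.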