Improper access control in Open WebUI - CVE-2026-54022
Published: June 30, 2026
Open WebUI
Detailed vulnerability description
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to improper access control in the ydoc:document:join Socket.IO handler and YdocManager document ID normalization when joining a document room with a crafted document identifier. A remote user can use a note_ document ID instead of note: for a target note to disclose sensitive information.
Exploitation requires authentication and knowledge of or the ability to enumerate the target note ID.