Incorrect authorization in Open WebUI - #VU136845
Published: July 3, 2026
Open WebUI
Detailed vulnerability description
The vulnerability allows a remote user to modify or delete another user's file.
The vulnerability exists due to improper access control in model meta.knowledge file handling when attaching a readable file ID to an attacker-controlled workspace model. A remote user can create or update a model that references the file to modify or delete another user's file.
Exploitation requires Models workspace access and read-only access to the target file through a knowledge-base grant.
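The access-control flaw class described above, as an added illustration that is not Open WebUI's code. The File and Model classes, the function names and the users are hypothetical, and the weak check rests on the assumption that a reference from a model the caller controls was treated as sufficient for any access level on the file.

```python
from dataclasses import dataclass, field

READ, WRITE = "read", "write"

@dataclass
class File:                      # hypothetical stand-in for a stored file
    id: str
    owner: str
    grants: dict = field(default_factory=dict)     # user -> READ or WRITE

@dataclass
class Model:                     # hypothetical stand-in for a workspace model
    id: str
    owner: str
    knowledge: list = field(default_factory=list)  # file IDs, as in meta.knowledge

def own_permission(user, f):
    """Permission the user holds on the file itself (None if no grant)."""
    return WRITE if f.owner == user else f.grants.get(user)

def allowed_weak(user, f, access, models):
    """Assumed flaw: a reference from a model the user controls satisfies any access level."""
    if own_permission(user, f) in (access, WRITE):
        return True
    return any(m.owner == user and f.id in m.knowledge for m in models)

def allowed_strict(user, f, access, models):
    """Hardened: only the file's own grant decides; model references add nothing."""
    perm = own_permission(user, f)
    return perm == WRITE or (perm == READ and access == READ)

# Constructed sample data: alice owns the file, bob holds a read-only grant
# and owns a model that lists the file's ID.
ALICE_FILE = File("file-1", "alice", {"bob": READ})
BOB_MODEL = Model("model-1", "bob", ["file-1"])

if __name__ == "__main__":
    for check in (allowed_weak, allowed_strict):
        for access in (READ, WRITE):
            print(check.__name__, access, check("bob", ALICE_FILE, access, [BOB_MODEL]))
```

The strict check ignores the models argument on purpose: a reference to a file is a use of the caller's existing read grant, not a new grant.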