CVE-2026-44557

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the validatecollectionaccess function uses an incomplete allowlist that only enforces ownership checks for collections matching user-memory- and file- patterns. All other collection...

CVE-2026-45398

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, validatecollectionaccess checks the user-memory- and file- collection name prefixes but does not check knowledge base collections, which use raw UUIDs as collection names. Any...

CVE-2026-45398

Summary (concrete details from provided docs): Open WebUI before 0.9.5 exposes an IDOR vulnerability in the retrieval API where knowledge base collections (UUID-named) are not checked by _validate_collection_access. This allows any authenticated user who knows a private knowledge base UUID to rea...

CVE-2026-44560

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the type: "file" non-full-context, type: "text" with collectionname, and bare collectionname/collectionnames paths in the getsourcesfromitems function perform vector store queries...

CVE-2026-44557

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the validatecollectionaccess function uses an incomplete allowlist that only enforces ownership checks for collections matching user-memory- and file- patterns. All other collection...

CVE-2026-44557

Open WebUI before v0.9.0 is vulnerable to global knowledge-base enumeration through the retrieval query endpoints. The _validate_collection_access function uses an incomplete allowlist that only enforces ownership for collections starting with user-memory- or file-, allowing any authenticated use...

CVE-2026-44557 Open WebUI: Global Knowledge Base Enumeration via knowledge-bases Meta-Collection

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the validatecollectionaccess function uses an incomplete allowlist that only enforces ownership checks for collections matching user-memory- and file- patterns. All other collection...

CVE-2026-44557 Open WebUI: Global Knowledge Base Enumeration via knowledge-bases Meta-Collection

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the validatecollectionaccess function uses an incomplete allowlist that only enforces ownership checks for collections matching user-memory- and file- patterns. All other collection...

EUVD-2026-30620

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the validatecollectionaccess function uses an incomplete allowlist that only enforces ownership checks for collections matching user-memory- and file- patterns. All other collection...

CVE-2026-44557

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the validatecollectionaccess function uses an incomplete allowlist that only enforces ownership checks for collections matching user-memory- and file- patterns. All other collection...

EUVD-2026-30618

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the type: "file" non-full-context, type: "text" with collectionname, and bare collectionname/collectionnames paths in the getsourcesfromitems function perform vector store queries...

CVE-2026-44560

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the type: "file" non-full-context, type: "text" with collectionname, and bare collectionname/collectionnames paths in the getsourcesfromitems function perform vector store queries...

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the validatecollectionaccess function using an incomplete list of allowed collections. Onl...

CVE-2026-42048

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are concatenated directly into file paths withou...

CVE-2026-42048

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are concatenated directly into file paths withou...

CVE-2026-42048 Langflow: Path Traversal in Langflow Knowledge Bases API

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are concatenated directly into file paths withou...

CVE-2026-42048 Langflow: Path Traversal in Langflow Knowledge Bases API

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are concatenated directly into file paths withou...

CVE-2026-42048

Langflow prior to 1.9.0 is vulnerable to path traversal in the Knowledge Bases API (DELETE /api/v1/knowledge_bases) due to user-supplied kb_names being concatenated into file paths. The issue stems from building paths manually and passing them to deletion without proper normalization, enabling an...

GHSA-H36F-RQPX-J5WX Open WebUI has Unauthorized File and Knowledge Base Content Access via RAG Vector Search

Unauthorized File and Knowledge Base Content Access via RAG Vector Search Affected Component RAG source resolution in chat completion pipeline: - backend/openwebui/retrieval/utils.py lines 963-965, 1063-1068, 1126-1131 in getsourcesfromitems Affected Versions Current main branch commit 6fdd19bf1...

Open WebUI has Unauthorized File and Knowledge Base Content Access via RAG Vector Search

Unauthorized File and Knowledge Base Content Access via RAG Vector Search Affected Component RAG source resolution in chat completion pipeline: - backend/openwebui/retrieval/utils.py lines 963-965, 1063-1068, 1126-1131 in getsourcesfromitems Affected Versions Current main branch commit 6fdd19bf1...