Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/05/15 8:40 p.m.9 views

CVE-2026-45402 Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, multiple endpoints accept a user-supplied fileid and attach the referenced file to a resource the caller controls folder knowledge, knowledge-base contents without verifying that the...

8.1CVSS5.8AI score0.00346EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 8:40 p.m.15 views

EUVD-2026-30637

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, multiple endpoints accept a user-supplied fileid and attach the referenced file to a resource the caller controls folder knowledge, knowledge-base contents without verifying that the...

8.1CVSS5.8AI score0.00346EPSS
Exploits1References1
OSV
OSV
added 2026/05/15 8:40 p.m.3 views

CVE-2026-45402 Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, multiple endpoints accept a user-supplied fileid and attach the referenced file to a resource the caller controls folder knowledge, knowledge-base contents without verifying that the...

8.1CVSS5.9AI score0.00346EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.20 views

PT-2026-39267

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description Open WebUI is a self-hosted artificial intelligence platform. A mass assignment issue exists where the FolderForm uses a configuration that permits arbitrary fields to pass through Pydantic...

5CVSS5.9AI score0.00287EPSS
Exploits1References5
Rows per page
Query Builder