Lucene search
K

4 matches found

CVE
CVE
added 6 days ago8 views

CVE-2026-59217

Open WebUI prior to version 0.10.0 allowed a metadata.knowledge_id value in file uploads to auto-link files to a knowledge base, bypassing the write-access check on /api/v1/knowledge//file/add. This enabled read-only knowledge-base users to add arbitrary files. The issue is fixed in version 0.10....

4.3CVSS6AI score0.00272EPSS
Exploits1References4Affected Software1
OSV
OSV
added 6 days ago2 views

CVE-2026-59217 Open WebUI: Upload `metadata.knowledge_id` bypasses the knowledge-base write-access check (read-only users can add files to KB)

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the file upload path accepted metadata.knowledgeid and auto-linked uploaded files to a target knowledge base without applying the write-access check used by /api/v1/knowledge//file/add, allowing...

4.3CVSS6.2AI score0.00272EPSS
Exploits1References6
OSV
OSV
added 2026/06/17 2:15 p.m.6 views

GHSA-VJQM-6GCC-62CR Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion

Summary Open WebUI lets a user who can create, update, or import workspace models store arbitrary meta.knowledge entries on their model without checking whether they own or can read the referenced files. Open WebUI then treats meta.knowledge entries of type file as an authorization source in two...

7.1CVSS5.7AI score0.00198EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 5:13 a.m.22 views

CVE-2019-3566

A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which are not available publicly...

5.9CVSS6.9AI score0.01067EPSS
Exploits0References1
Rows per page
Query Builder