CVE-2026-45301 Open WebUI: Missing permission check in files API allows authenticated users to list, access and delete every uploaded file
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing permission check in all files related API endpoints allows any authenticated user to list, access and delete every file uploaded by every user to the platform. This...