EUVD-2026-30606

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user can permanently delete files owned by other users via DELETE /api/v1/files/id when the target file is referenced in any shared chat. The hasaccesstofile...

Open WebUI 访问控制错误漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.3.16 contained a access control vulnerability. This vulnerability stemmed from the lack of permission checks for file-related API endpoints, which could allow any...

CVE-2026-28736

Focalboard 8.0 is affected by an IDOR-like issue in the file content endpoint: it fails to validate ownership when serving uploaded files, enabling an authenticated user who knows a victim’s fileID to read that file’s content. The vulnerability stems from insufficient access checks for file retri...

CVE-2025-9615

A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added t...

FileRise 访问控制错误漏洞

FileRise is a lightweight, self-hosted web-based file manager by Ryan Personal Developer. An access control error vulnerability exists in FileRise versions prior to 1.4.0, which stems from a business logic flaw in file or folder handling that could cause a low-privileged user to perform...