
31 matches found

NVD
added 2026/05/15 9:16 p.m., 7 views

CVE-2026-45397

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, GET /api/v1/retrieval/ returns live RAG pipeline configuration to any unauthenticated HTTP client. No Authorization header, cookie, or API key is required. Every adjacent endpoint on...

CVSS 5.3, EPSS 0.01075
Exploits: 1, References: 1
CVE
added 2026/05/15 8:37 p.m., 20 views

CVE-2026-45401

CVE-2026-45401 affects Open WebUI and describes an SSRF bypass: before version 0.9.5, the validate_url() check only validated the initial URL, while downstream HTTP clients (requests, aiohttp, LangChain WebBaseLoader) follow HTTP 3xx redirects by default and do not re-validate the redirected targ...

CVSS 8.5, AI score 5.8, EPSS 0.00039
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2026/05/15 8:34 p.m., 4 views

CVE-2026-45397 Open WebUI: Unauthenticated RAG Configuration Disclosure

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, GET /api/v1/retrieval/ returns live RAG pipeline configuration to any unauthenticated HTTP client. No Authorization header, cookie, or API key is required. Every adjacent endpoint on...

CVSS 5.3, AI score 5.8, EPSS 0.01075
Exploits: 1, References: 1
EUVD
added 2026/05/15 8:34 p.m., 4 views

EUVD-2026-30629

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, GET /api/v1/retrieval/ returns live RAG pipeline configuration to any unauthenticated HTTP client. No Authorization header, cookie, or API key is required. Every adjacent endpoint on...

CVSS 5.3, AI score 5.8, EPSS 0.01075
Exploits: 1, References: 1
NVD
added 2026/05/15 8:16 p.m., 8 views

CVE-2026-44554

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/retrieval/process/web endpoint accepts a user-supplied collection_name and an overwrite query parameter (default: True). It performs no authorization check on whether t...

CVSS 8.1, EPSS 0.00043
Exploits: 1, References: 1
EUVD
added 2026/05/15 7:49 p.m., 8 views

EUVD-2026-30622

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/retrieval/process/web endpoint accepts a user-supplied collection_name and an overwrite query parameter (default: True). It performs no authorization check on whether t...

CVSS 8.1, AI score 5.8, EPSS 0.00043
Exploits: 1, References: 1
CNNVD
added 2026/05/15 12:00 a.m., 5 views

Open WebUI Access Control Error Vulnerability

Open WebUI is an extensible, feature-rich, and user-friendly open-source self-hosted WebUI. Versions of Open WebUI prior to 0.9.5 contained a security vulnerability related to access control. This vulnerability stemmed from the lack of authentication for the GET /api/v1/retrieval endpoint,...

CVSS 5.3, AI score 5.8, EPSS 0.01075
Exploits: 1, References: 2
CNNVD
added 2026/05/15 12:00 a.m., 6 views

Open WebUI Security Vulnerability

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI from the open-source Open WebUI project. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the POST /api/v1/retrieval/process/web endpoint accepting parameter...

CVSS 8.1, AI score 5.8, EPSS 0.00043
Exploits: 1, References: 1
Github Security Blog
added 2026/05/14 8:26 p.m., 7 views

Open WebUI Vulnerable to Unauthenticated RAG Configuration Disclosure

Vulnerability Type: Information Disclosure / Missing Authentication. Severity: Medium. Component: backend/open_webui/routers/retrieval.py — get_status (GET /). Affected Endpoint: GET /api/v1/retrieval/. Affected Version: Open WebUI main branch — confirmed unpatched through v0.9.2. Authentication Required:...

CVSS 5.3, AI score 5.8, EPSS 0.01075
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2026/05/14 8:26 p.m., 5 views

GHSA-65PG-QHHW-MXWG Open WebUI Vulnerable to Unauthenticated RAG Configuration Disclosure

Vulnerability Type: Information Disclosure / Missing Authentication. Severity: Medium. Component: backend/open_webui/routers/retrieval.py — get_status (GET /). Affected Endpoint: GET /api/v1/retrieval/. Affected Version: Open WebUI main branch — confirmed unpatched through v0.9.2. Authentication Required:...

CVSS 5.3, AI score 5.8, EPSS 0.01075
Exploits: 1, References: 4
Positive Technologies
added 2026/05/14 12:00 a.m., 8 views

PT-2026-41192

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.5. Description: An information disclosure issue exists where the 'GET /api/v1/retrieval/' endpoint returns live RAG (Retrieval-Augmented Generation) pipeline configuration to any unauthenticated HTTP client. No...

CVSS 5.3, AI score 5.8, EPSS 0.01075
Exploits: 1, References: 6
EUVD
added 2026/05/12 10:39 p.m., 5 views

EUVD-2026-29881

GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. The endpoint lacks proper authentication and authorization checks, resulting in unauthorized access ...

CVSS 5.3, AI score 5.8, EPSS 0.00055
Exploits: 0, References: 1
Vulnrichment
added 2026/05/12 10:39 p.m., 3 views

CVE-2026-44341 GoJobs: Insecure Direct Object Reference (IDOR) in Job Retrieval Endpoint

GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. The endpoint lacks proper authentication and authorization checks, resulting in unauthorized access ...

CVSS 5.3, AI score 5.8, EPSS 0.00055
Exploits: 0, References: 1
Cvelist
added 2026/05/12 10:39 p.m., 32 views

CVE-2026-44341 GoJobs: Insecure Direct Object Reference (IDOR) in Job Retrieval Endpoint

GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. The endpoint lacks proper authentication and authorization checks, resulting in unauthorized access ...

CVSS 5.3, EPSS 0.00055
Exploits: 0, References: 1
OSV
added 2026/05/08 7:51 p.m., 4 views

GHSA-7R82-QHG4-6WVJ Open WebUI has Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite

Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite. Affected Component: Retrieval web/YouTube processing endpoints: - backend/open_webui/routers/retrieval.py lines 1810-1837, process_web - backend/open_webui/routers/retrieval.py, the parallel process_youtube endpoint -...

CVSS 8.1, AI score 5.8, EPSS 0.00043
Exploits: 1, References: 3
Positive Technologies
added 2026/05/08 12:00 a.m., 5 views

PT-2026-39271

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.0. Description: The 'POST /api/v1/retrieval/process/web' endpoint accepts a user-supplied collection name and an overwrite query parameter, which defaults to True. The system fails to perform authorization checks...

CVSS 8.1, AI score 5.8, EPSS 0.00043
Exploits: 1, References: 6
RedhatCVE
added 2026/03/28 4:56 a.m., 4 views

CVE-2026-29071

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via /api/v1/retrieval/query/collection. Version 0.8.6 patches the issue...

CVSS 4.3, AI score 5.9, EPSS 0.00013
Exploits: 1, References: 1
OSV
added 2026/03/26 11:54 p.m., 0 views

CVE-2026-29071 Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via /api/v1/retrieval/query/collection. Version 0.8.6 patches the issue...

CVSS 3.1, AI score 5.9, EPSS 0.00013
Exploits: 1, References: 3
RedhatCVE
added 2026/03/26 7:39 p.m., 2 views

CVE-2026-3115

A flaw was found in Mattermost. Authenticated guest users can exploit this vulnerability by retrieving group member IDs through the group retrieval endpoint. This failure to apply view restrictions allows them to enumerate user IDs that are outside their permitted visibility scope, leading to...

CVSS 4.3, AI score 5.7, EPSS 0.00013
Exploits: 0, References: 2
NVD
added 2026/03/26 5:16 p.m., 2 views

CVE-2026-3115

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to apply view restrictions when retrieving group member IDs, which allows authenticated guest users to enumerate user IDs outside their allowed visibility scope via the group retrieval endpoint...

CVSS 4.3, EPSS 0.00013
Exploits: 0, References: 1