CVE-2026-44560

Open WebUI (self-hosted offline AI platform) contains a vector-search access control flaw in the RAG retrieval path. In get_sources_from_items, non-full-context file/text collection paths can query the vector store without authorization, enabling extraction of content from files and knowledge bas...

CVE-2026-44560 Open WebUI: Unauthorized File and Knowledge Base Content Access via RAG Vector Search

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the type: "file" non-full-context, type: "text" with collectionname, and bare collectionname/collectionnames paths in the getsourcesfromitems function perform vector store queries...

CVE-2026-44560 Open WebUI: Unauthorized File and Knowledge Base Content Access via RAG Vector Search

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the type: "file" non-full-context, type: "text" with collectionname, and bare collectionname/collectionnames paths in the getsourcesfromitems function perform vector store queries...

GHSA-H36F-RQPX-J5WX Open WebUI has Unauthorized File and Knowledge Base Content Access via RAG Vector Search

Unauthorized File and Knowledge Base Content Access via RAG Vector Search Affected Component RAG source resolution in chat completion pipeline: - backend/openwebui/retrieval/utils.py lines 963-965, 1063-1068, 1126-1131 in getsourcesfromitems Affected Versions Current main branch commit 6fdd19bf1...

Open WebUI has Unauthorized File and Knowledge Base Content Access via RAG Vector Search

Unauthorized File and Knowledge Base Content Access via RAG Vector Search Affected Component RAG source resolution in chat completion pipeline: - backend/openwebui/retrieval/utils.py lines 963-965, 1063-1068, 1126-1131 in getsourcesfromitems Affected Versions Current main branch commit 6fdd19bf1...

PT-2026-39277

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The get sources from items function resolves file and knowledge base references into vector search queries during chat completion. Certain code paths perform vector store queries without...

0xgasless-mcp (>=1.0.3 <=1.0.5), 4d-vector-search (>=1.0.0 <=1.0.1) +2211 more potentially affected by CVE-2026-25528 via langsmith (>=0.3.7 <=0.4.12)

langsmith NPM version =0.3.7, =1.0.3, =1.0.0, =1.11.0, =0.0.5, =0.0.1, =1.0.0, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =1.0.6, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2026-25528 Source advisory: SNYK:JS-LANGSMITH-15253025...

EUVD-2026-5567

Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via /logger endpoint using an attacker-controlled ondisk.logfile path. Minimal privileges are required read-only access. This vulnerability is fixed in 1.16.0...

EUVD-2025-204305

An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...

CVE-2025-63390

An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...

CVE-2025-63390

An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...

PT-2025-52256

Name of the Vulnerable Software and Affected Versions AnythingLLM version 1.8.5 Description An authentication bypass allows unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. The issue is due to missing authentication checks in the...

CVE-2025-63390

An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed...

Balancing Privacy and Efficiency: Music Information Retrieval Via Additive Homomorphic Encryption

In the era of generative AI, ensuring the privacy of music data presents unique challenges: unlike static artworks such as images, music data is inherently temporal and multimodal, and it is sampled, transformed, and remixed at an unprecedented scale. These characteristics make its core vector...

aerospike-vector-search (>=1.0.0 <=4.2.0), agent-amory-core (=0.1.1) +438 more potentially affected by CVE-2025-4565 via protobuf (>=5.26.0rc2 <=5.29.4)

protobuf PYPI version =5.26.0rc2, =1.0.0, =0.1.0, =0.1.0, =0.82.3, =2.47.9, =0.1.8, =0.1.4, =0.0.10, =0.4.1, =1.0.3, =1.0.0, =0.1.1, =0.5.0, =0.7.3, =0.7.4 and more Source cves: CVE-2025-4565 Source advisory: OSV:GHSA-8QVM-5X2C-J2W7...

aerospike-vector-search (>=1.0.0 <=4.2.0), agent-amory-core (=0.1.1) +438 more potentially affected by CVE-2025-4565 via protobuf (>=5.26.0rc2 <=5.29.4)

protobuf PYPI version =5.26.0rc2, =1.0.0, =0.1.0, =0.1.0, =0.82.3, =2.47.9, =0.1.8, =0.1.4, =0.0.10, =0.4.1, =1.0.3, =1.0.0, =0.1.1, =0.5.0, =0.7.3, =0.7.4 and more Source cves: CVE-2025-4565 Source advisory: SNYK:PYTHON-PROTOBUF-10364902...

Repository Vector Search Methods

The emergence of Large Language Models LLM has propelled Generative AI and surfaced one of its key components to a broad audience: Embeddings. Embeddings are a vector representation of data in a high-dimensional space capturing their semantic meaning. Vector representations allow for more efficie...

HoneyBee: Efficient Role-Based Access Control for Vector Databases Via Dynamic Partitioning

As vector databases gain traction in enterprise applications, robust access control has become critical to safeguard sensitive data. Access control in these systems is often implemented through hybrid vector queries, which combine nearest neighbor search on vector data with relational predicates...

CVE-2024-41950

Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja...