CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1 matches found

Cvelist•added 2026/05/15 8:35 p.m.•34 views

CVE-2026-45398 Open WebUI: IDOR - Retrieval API Bypasses Knowledge Base Access Controls

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, validatecollectionaccess checks the user-memory- and file- collection name prefixes but does not check knowledge base collections, which use raw UUIDs as collection names. Any...

7.5CVSS0.00043EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by