CVE-2026-54012

Severity: High · EPSS 9.8% · CVSS 3.1 base score 7.1
Published Jun 23, 2026 · Last Modified Jun 24, 2026

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can create, update, or import workspace models store arbitrary meta.knowledge entries on their model without checking whether they own or can read the referenced files. Open WebUI then treats meta.knowledge entries of type file as an authorization source in two places: the built-in view_file tool reads the file's extracted text, and has_access_to_file()'s model branch authorizes the file content and file delete endpoints. A malicious model owner can therefore attach another user's file ID to their model metadata and read or delete that private file. This vulnerability is fixed in 0.9.6.
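The authorization flaw in the description, as an added illustrative model that is not Open WebUI's code: the file access check trusts a model owner's self-declared meta.knowledge file references, and the corrected write path validates each referenced file against the caller's real access before storing it. The Store class, its method names, and the users and file IDs are constructed for this example.

```python
from dataclasses import dataclass, field

@dataclass
class Model:
    id: str
    owner: str
    knowledge: list = field(default_factory=list)  # meta.knowledge entries


class Store:
    """Constructed in-memory stand-in for the file and model tables."""
    def __init__(self, validate_on_write: bool):
        self.validate_on_write = validate_on_write  # False mimics pre-0.9.6
        self.files: dict[str, str] = {}   # file_id -> owning user
        self.models: dict[str, Model] = {}

    def user_can_read_file(self, user: str, file_id: str) -> bool:
        """Ground truth: only the uploader may read their file."""
        return self.files.get(file_id) == user

    def update_model_knowledge(self, user: str, model_id: str, entries: list) -> None:
        """Model create/update/import path; the fix checks every referenced file."""
        m = self.models.setdefault(model_id, Model(model_id, user))
        if m.owner != user:
            raise PermissionError("not the model owner")
        if self.validate_on_write:
            for e in entries:
                if e.get("type") == "file" and not self.user_can_read_file(user, e["id"]):
                    raise PermissionError(f"caller cannot read file {e['id']}")
        m.knowledge = list(entries)

    def has_access_to_file(self, user: str, file_id: str) -> bool:
        """Model branch: a file referenced from the caller's own model is treated as authorized."""
        if self.user_can_read_file(user, file_id):
            return True
        return any(m.owner == user and
                   any(e.get("type") == "file" and e["id"] == file_id for e in m.knowledge)
                   for m in self.models.values())


def demo(validate_on_write: bool) -> bool:
    """Constructed scenario: mallory references alice's file from mallory's own model."""
    s = Store(validate_on_write)
    s.files["f-alice-1"] = "alice"
    try:
        s.update_model_knowledge("mallory", "m-1", [{"type": "file", "id": "f-alice-1"}])
    except PermissionError:
        pass  # the fixed write path rejects the foreign file reference here
    return s.has_access_to_file("mallory", "f-alice-1")
```

With validation off, demo() returns True (the model branch grants mallory access to alice's file); with validation on, the reference is never stored and the check returns False.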

CVSS Details

Base Score: 7.1
Exploitability: 1.6
Impact: 5.5
Vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: Low

Threat Intelligence

EPSS Exploit Probability
9.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 3

CWE-284 Improper Access Control
CWE-285 Improper Authorization
CWE-862 Missing Authorization

References 1

  • github.com https://github.com/open-webui/open-webui/security/advisories/GHSA-vjqm-6gcc-62cr

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.