CVE-2026-28786 - Vulnerability Details

- Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a `FileNotFoundError` whose message — including the server's absolute `DATA_DIR` path — is returned verbatim in the HTTP 400 response body, confirming information disclosure on all default deployments. Version 0.8.6 patches the issue.

Published: 2026-03-26

Score: 4.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An unsanitized filename field in the speech‑to‑text transcription endpoint causes a FileNotFoundError whose message includes the server’s absolute DATA_DIR path. The HTTP 400 response returns this message verbatim, revealing directory structure information to any authenticated non‑admin user. The vulnerability does not allow remote code execution but does enable an attacker to gather internal file system details that could assist further attacks.

Affected Systems

Open WebUI, versions prior to 0.8.6, across all default deployments. The affected component is the /api/v1/audio/transcriptions endpoint in the self‑hosted artificial intelligence platform.

Risk and Exploitability

The CVSS score of 4.3 indicates a moderate impact, and the EPSS score below 1% suggests low likelihood of exploitation in the wild. It is not listed in the CISA KEV catalog. Attackers need authenticated non‑admin access to trigger the error, so the threat is limited to users who can log in to the application. Nonetheless, disclosure of absolute paths can aid attackers in mapping the system, so the risk is non‑zero for exposed deployments.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

open-webui

affected

Version	Status	Constraints
`< 0.8.6`	affected	—

Configuration 1 [-]

cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Open-webui

100%

Version	Status	Scheme	Platform
`[0,0.8.6)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Open WebUI to version 0.8.6 or later, which removes the vulnerable filename handling.
Verify that the /api/v1/audio/transcriptions endpoint no longer returns file path information in error responses.
Ensure that only authorized administrators have permissions that could lead to unintended information disclosure.
If an upgrade is not immediately possible, temporarily disable detailed error messages in the application configuration to prevent path disclosure.

Generated by OpenCVE AI on March 30, 2026 at 18:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-vvxm-vxmr-624h	Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00021.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/open-webui/open-webui/security/advisories/GHSA-vvxm-vxmr-624h

History

Mon, 30 Mar 2026 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Openwebui Openwebui open Webui
CPEs		cpe:2.3:a:openwebui:open_webui::::::::
Vendors & Products		Openwebui Openwebui open Webui

Fri, 27 Mar 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 27 Mar 2026 08:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Open-webui Open-webui open-webui
Vendors & Products		Open-webui Open-webui open-webui

Fri, 27 Mar 2026 04:00:00 +0000

Type	Values Removed	Values Added
Description		Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a `FileNotFoundError` whose message — including the server's absolute `DATA_DIR` path — is returned verbatim in the HTTP 400 response body, confirming information disclosure on all default deployments. Version 0.8.6 patches the issue.
Title		Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`
Weaknesses		CWE-209 CWE-22
References		https://github.com/open-webui/open-webui/security/advisories/GHSA-vvxm-vxmr-624h
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}`

Subscriptions

Open-webui Open-webui

Openwebui Open Webui

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-03-26T23:37:25.673Z

Updated: 2026-03-27T13:53:30.683Z

Reserved: 2026-03-03T14:25:19.244Z

Link: CVE-2026-28786

Vulnrichment

Updated: 2026-03-27T13:27:06.627Z

NVD

Status : Analyzed

Published: 2026-03-27T00:16:22.503

Modified: 2026-03-30T17:25:24.573

Link: CVE-2026-28786

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T20:57:20Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object