Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a `FileNotFoundError` whose message — including the server's absolute `DATA_DIR` path — is returned verbatim in the HTTP 400 response body, confirming information disclosure on all default deployments. Version 0.8.6 patches the issue.
Published: 2026-03-26
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

An unsanitized filename field in the speech‑to‑text transcription endpoint causes a FileNotFoundError to be thrown. The error message contains the server’s absolute DATA_DIR path, which is returned verbatim in the 400 response. This flaw stems from improper input validation and error handling and aligns with CWE‑209 (Information Exposure Through Error Message) and CWE‑22 (Path Traversal).

Affected Systems

Open WebUI installations running any version earlier than 0.8.6 are vulnerable to this defect. The issue was resolved in version 0.8.6; all releases equal to or newer than that are considered safe.

Risk and Exploitability

The CVSS score of 4.3 reflects moderate severity, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires authentication as a non‑admin user and allows an attacker to gain the absolute file path of the server, potentially aiding further reconnaissance or targeted attacks. Because the EPSS score is unavailable, the likelihood of exploitation is uncertain, yet the disclosure can be valuable for adversaries.

Generated by OpenCVE AI on March 27, 2026 at 06:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open WebUI to version 0.8.6 or newer.
  • Restrict the transcription endpoint to administrative users only.
  • Verify that error messages no longer reveal absolute paths.
  • Monitor logs for FileNotFoundError responses that expose server paths.

Generated by OpenCVE AI on March 27, 2026 at 06:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-vvxm-vxmr-624h Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`
History

Fri, 27 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Open-webui
Open-webui open-webui
Vendors & Products Open-webui
Open-webui open-webui

Fri, 27 Mar 2026 04:00:00 +0000

Type Values Removed Values Added
Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a `FileNotFoundError` whose message — including the server's absolute `DATA_DIR` path — is returned verbatim in the HTTP 400 response body, confirming information disclosure on all default deployments. Version 0.8.6 patches the issue.
Title Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`
Weaknesses CWE-209
CWE-22
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Open-webui Open-webui
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-27T13:53:30.683Z

Reserved: 2026-03-03T14:25:19.244Z

Link: CVE-2026-28786

cve-icon Vulnrichment

Updated: 2026-03-27T13:27:06.627Z

cve-icon NVD

Status : Received

Published: 2026-03-27T00:16:22.503

Modified: 2026-03-27T15:16:51.927

Link: CVE-2026-28786

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:22:45Z

Weaknesses