Open WebUI, a self-hosted artificial intelligence platform, permits users with write permissions to a knowledge base to delete files without verifying that the file actually belongs to that base. This missing authorization check (CWE-862) allows a malicious actor to remove arbitrary files by specifying a known file identifier, potentially causing irreversible data loss or exposure of sensitive information. The vulnerability is therefore a medium-severity data-exposure and integrity risk for affected deployments.

The flaw affects all installations of the Open WebUI product provided by open-webui that are running any version earlier than 0.8.6, regardless of operating system or deployment environment. The vulnerability is not limited to a specific platform or operating system; the only requirement is that the open-webui instance is reachable and the attacker can obtain a file identifier.

The CVSS score of 5.4 indicates a medium severity posture. Exploitation requires that the assailant has write access to a knowledge base, which may be achieved through legitimate credentials or privilege escalation. Once that condition is met, the attacker can delete any file by supplying its identifier, without further authentication. The EPSS score is currently unavailable, and the vulnerability is not listed in the CISA KEV catalog, implying that public exploit activity has not yet been documented. Based on the description, the likely attack vector is a web‑application interface that accepts delete requests with a file ID parameter; the missing check is entirely server‑side, so the attack does not require client‑side manipulation. This inference is based on the stated behavior of the platform and the nature of the flaw.