Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base (or is admin), but NOT that the file actually belongs to this knowledge base. It is thus possible to delete arbitrary files from arbitrary knowledge bases (as long as one knows the file id). Version 0.8.6 patches the issue.
Published: 2026-03-26
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized deletion of knowledge files
Action: Apply Patch
AI Analysis

Impact

Open WebUI allows users with write access to a knowledge base to delete files from any knowledge base if the file identifier is known. The system only checks that the user is authorized to write to the target knowledge base; it does not confirm that the file actually belongs to that base. This missing authorization check (CWE-862) enables arbitrary file removal, which can compromise data integrity and disrupt operations. The vulnerability is present in all releases prior to version 0.8.6 and is fixed in that release.
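The missing check described above, modelled as an added example (this is not Open WebUI's code; the store, the `Forbidden`/`NotFound` exceptions and the two `delete_file_*` functions are hypothetical). The vulnerable handler only verifies write access to the named knowledge base; the hardened handler additionally verifies that the file belongs to that knowledge base before deleting it.

```python
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Caller is not allowed to perform this operation."""


class NotFound(Exception):
    """Knowledge base or file does not exist."""


@dataclass
class KnowledgeBase:
    id: str
    owner: str
    writers: set = field(default_factory=set)
    file_ids: set = field(default_factory=set)


def make_store():
    """Constructed sample data: two knowledge bases with one file each."""
    files = {"f-1": {"kb": "kb-a"}, "f-2": {"kb": "kb-b"}}
    kbs = {
        "kb-a": KnowledgeBase("kb-a", "alice", {"alice"}, {"f-1"}),
        "kb-b": KnowledgeBase("kb-b", "bob", {"bob"}, {"f-2"}),
    }
    return files, kbs


def can_write(user, kb, is_admin=False):
    return is_admin or user == kb.owner or user in kb.writers


def delete_file_vulnerable(files, kbs, user, kb_id, file_id, is_admin=False):
    """Pre-0.8.6 pattern: only write access to kb_id is checked."""
    kb = kbs.get(kb_id)
    if kb is None:
        raise NotFound(kb_id)
    if not can_write(user, kb, is_admin):
        raise Forbidden(user)
    # Missing check: file_id is never compared against kb.file_ids,
    # so a writer of kb-a can remove a file that lives in kb-b.
    if file_id not in files:
        raise NotFound(file_id)
    del files[file_id]
    for other in kbs.values():
        other.file_ids.discard(file_id)
    return "deleted"


def delete_file_fixed(files, kbs, user, kb_id, file_id, is_admin=False):
    """Hardened pattern: the file must belong to the knowledge base."""
    kb = kbs.get(kb_id)
    if kb is None:
        raise NotFound(kb_id)
    if not can_write(user, kb, is_admin):
        raise Forbidden(user)
    if file_id not in kb.file_ids:
        # Ownership check: refuse files that are not part of this base.
        raise Forbidden(f"{file_id} not in {kb_id}")
    del files[file_id]
    kb.file_ids.discard(file_id)
    return "deleted"


def outcome(fn, *args, **kwargs):
    """Run a delete and report 'deleted' or the exception class name."""
    try:
        return fn(*args, **kwargs)
    except (Forbidden, NotFound) as exc:
        return type(exc).__name__
```

`outcome(delete_file_vulnerable, *make_store(), "alice", "kb-a", "f-2")` returns "deleted" and removes bob's file, whereas the fixed variant returns "Forbidden" and leaves it in place.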

Affected Systems

The affected product is Open WebUI, a self-hosted artificial intelligence platform identified as open-webui:open-webui. All versions older than 0.8.6 are impacted; version 0.8.6 and later contain a patch that enforces proper ownership checks for file deletion.

Risk and Exploitability

The CVSS score of 5.4 indicates moderate severity, while an EPSS score below 1% suggests that automated exploitation is unlikely. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires the attacker to have authenticated write permission on at least one knowledge base and knowledge of the target file’s identifier; no public remote execution is possible. Nonetheless, an insider with low privileges could cause data loss or business disruption by deleting critical files from other knowledge bases.

Generated by OpenCVE AI on April 2, 2026 at 05:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open WebUI to version 0.8.6 or later
  • Restrict write permissions on knowledge bases to trusted users
  • Ensure only administrators can delete files if appropriate

Tracking

Advisories
Source: GitHub GHSA
ID: GHSA-26gm-93rw-cchf
Title: Open WebUI has unauthorized deletion of knowledge files
History

Wed, 01 Apr 2026 23:45:00 +0000

Type                 Values Removed   Values Added
First Time appeared  (none)           Openwebui; Openwebui open Webui
CPEs                 (none)           cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*
Vendors & Products   (none)           Openwebui; Openwebui open Webui

Mon, 30 Mar 2026 12:15:00 +0000

Type                 Values Removed   Values Added
Metrics              (none)           ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 27 Mar 2026 08:45:00 +0000

Type                 Values Removed   Values Added
First Time appeared  (none)           Open-webui; Open-webui open-webui
Vendors & Products   (none)           Open-webui; Open-webui open-webui

Fri, 27 Mar 2026 04:00:00 +0000

Type                 Values Removed   Values Added
Description          (none)           Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base (or is admin), but NOT that the file actually belongs to this knowledge base. It is thus possible to delete arbitrary files from arbitrary knowledge bases (as long as one knows the file id). Version 0.8.6 patches the issue.
Title                (none)           Open WebUI has unauthorized deletion of knowledge files
Weaknesses           (none)           CWE-862
References           (none)           (none)
Metrics              (none)           cvssV3_1: {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-30T11:49:56.855Z

Reserved: 2026-03-03T20:51:43.482Z

Link: CVE-2026-29070

Vulnrichment

Updated: 2026-03-30T11:49:53.937Z

NVD

Status: Analyzed

Published: 2026-03-27T00:16:22.823

Modified: 2026-04-01T16:10:43.933

Link: CVE-2026-29070

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T07:56:02Z

Weaknesses