Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via `/api/v1/retrieval/query/collection`. Version 0.8.6 patches the issue.
Published: 2026-03-26
Score: 3.1 Low
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized read of private memory
Action: Apply patch
AI Analysis

Impact

Open WebUI permits any authenticated user to read other users' private memories through the /api/v1/retrieval/query/collection endpoint. This flaw represents an insecure direct object reference that can expose sensitive user data. The weakness falls under CWE-639. Because the endpoint does not enforce proper ownership checks, an attacker can retrieve confidential memory contents belonging to other users, potentially leading to privacy violations.
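To make the missing ownership check concrete, here is an added, self-contained Python illustration of the CWE-639 pattern described above: a vulnerable collection-query handler that trusts the client-supplied collection name beside a hardened one that authorizes the requester first, plus a small scan over constructed access-log lines that flags cross-user queries. This is example code, not Open WebUI's own implementation; the in-memory store, the `user-memory-<user_id>` naming scheme, the function names and the JSON log format are all assumptions made for the example.

```python
"""Illustration of the ownership-check gap behind CVE-2026-29071 (CWE-639).

Everything here is constructed for the example: the in-memory store, the
'user-memory-<user_id>' collection naming scheme, the function names and the
JSON access-log format are assumptions, not Open WebUI's own code or logs.
"""
import json
from dataclasses import dataclass, field

COLLECTION_PREFIX = "user-memory-"  # assumed per-user collection naming


class Forbidden(Exception):
    """Raised when the requester does not own the collection it asked for."""


@dataclass
class Memory:
    owner_id: str
    content: str


@dataclass
class MemoryStore:
    collections: dict = field(default_factory=dict)  # collection name -> [Memory]

    def add(self, owner_id: str, content: str) -> None:
        name = COLLECTION_PREFIX + owner_id
        self.collections.setdefault(name, []).append(Memory(owner_id, content))


def owner_of_collection(name: str):
    """Return the user id a per-user collection belongs to, or None otherwise."""
    if name.startswith(COLLECTION_PREFIX):
        return name[len(COLLECTION_PREFIX):]
    return None


def query_collection_vulnerable(store, requester_id, collection_name, term):
    # Vulnerable pattern: the client-supplied collection name is used directly,
    # so any authenticated user can name another user's collection.
    items = store.collections.get(collection_name, [])
    return [m.content for m in items if term.lower() in m.content.lower()]


def query_collection_hardened(store, requester_id, collection_name, term):
    # Hardened pattern: authorize before retrieving. The requester may only
    # query the per-user collection that belongs to them, and every returned
    # record is re-checked against the requester as defence in depth.
    if owner_of_collection(collection_name) != requester_id:
        raise Forbidden(f"user {requester_id} may not query {collection_name}")
    items = store.collections.get(collection_name, [])
    return [m.content for m in items
            if m.owner_id == requester_id and term.lower() in m.content.lower()]


# Constructed access-log lines (one JSON object per line) for a detection check.
SAMPLE_LOG = [
    '{"user_id": "alice", "path": "/api/v1/retrieval/query/collection", '
    '"collection_names": ["user-memory-alice"]}',
    '{"user_id": "bob", "path": "/api/v1/retrieval/query/collection", '
    '"collection_names": ["user-memory-alice", "user-memory-bob"]}',
    '{"user_id": "bob", "path": "/api/v1/some-other-endpoint", "collection_names": []}',
]


def find_cross_user_queries(log_lines):
    """Flag collection queries in which a requester named another user's collection."""
    hits = []
    for line in log_lines:
        rec = json.loads(line)
        if rec.get("path") != "/api/v1/retrieval/query/collection":
            continue
        for name in rec.get("collection_names", []):
            owner = owner_of_collection(name)
            if owner is not None and owner != rec.get("user_id"):
                hits.append((rec["user_id"], name))
    return hits


def demo():
    """Run both handlers against a two-user store and scan the sample log."""
    store = MemoryStore()
    store.add("alice", "Alice prefers replies in French")
    store.add("bob", "Bob is allergic to peanuts")
    leaked = query_collection_vulnerable(store, "bob", "user-memory-alice", "")
    try:
        query_collection_hardened(store, "bob", "user-memory-alice", "")
        blocked = False
    except Forbidden:
        blocked = True
    own = query_collection_hardened(store, "alice", "user-memory-alice", "french")
    return leaked, blocked, own, find_cross_user_queries(SAMPLE_LOG)


if __name__ == "__main__":
    print(demo())
```

The hardened handler derives the authorized collection from the authenticated identity rather than trusting the request body, which is the general fix for this class of IDOR; the log scan shows the same rule applied retrospectively to request logs, which is how a defender would check for abuse on instances that were exposed before upgrading.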

Affected Systems

The vulnerability affects the Open WebUI product from the open-webui vendor. All releases prior to version 0.8.6 are impacted. The issue was fixed in version 0.8.6, which removes the IDOR path. Users running earlier versions should upgrade immediately.

Risk and Exploitability

The CVSS base score is 3.1, indicating low severity. EPSS is not available, and the issue is not included in the CISA KEV catalog. The flaw requires authenticated access and is not a remote code execution bug, but it still permits unauthorized data access. Attackers who hold legitimate credentials but have malicious intent can exploit the endpoint to harvest private memories, making the vulnerability relevant in insider threat scenarios. Since it does not affect system integrity or availability, the risk is primarily to confidentiality.

Generated by OpenCVE AI on March 27, 2026 at 06:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Open WebUI v0.8.6 or later.

Advisories
Source: GitHub GHSA
ID: GHSA-w9f8-gxf9-rhvw
Title: Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories

History

Fri, 27 Mar 2026 08:45:00 +0000

Type: First Time appeared
  Values removed: (empty)
  Values added: Open-webui; Open-webui open-webui

Type: Vendors & Products
  Values removed: (empty)
  Values added: Open-webui; Open-webui open-webui

Fri, 27 Mar 2026 04:00:00 +0000

Type: Description
  Values removed: (empty)
  Values added: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via `/api/v1/retrieval/query/collection`. Version 0.8.6 patches the issue.

Type: Title
  Values removed: (empty)
  Values added: Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories

Type: Weaknesses
  Values removed: (empty)
  Values added: CWE-639

Type: References
  Values removed: (empty)
  Values added:

Type: Metrics
  Values removed: (empty)
  Values added: cvssV3_1 {'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-26T23:54:38.117Z

Reserved: 2026-03-03T20:51:43.482Z

Link: CVE-2026-29071

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-03-27T00:16:22.983

Modified: 2026-03-27T00:16:22.983

Link: CVE-2026-29071

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:22:42Z

Weaknesses