Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via `/api/v1/retrieval/query/collection`. Version 0.8.6 patches the issue.
Published: 2026-03-26
Score: 3.1 Low
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Data Access
Action: Patch
AI Analysis

Impact

Open WebUI's API endpoint /api/v1/retrieval/query/collection can be used by any authenticated user to read the private memories of other users. This vulnerability is an insecure direct object reference (IDOR), allowing an attacker to access confidential data that should be isolated to the owner. The weakness is identified as CWE-639, an access control issue that permits read operations across user boundaries, potentially exposing sensitive personal information.

Affected Systems

The affected product is Open WebUI. All releases prior to version 0.8.6 are impacted. Users running those versions should upgrade to 0.8.6 or later to receive the fix.

Risk and Exploitability

The CVSS score is 3.1, indicating low severity, and the EPSS score is below 1%, suggesting a low likelihood of exploitation in the wild. The vulnerability is not listed in CISA's KEV catalog. Attackers must first authenticate to the system, after which they can directly call the vulnerable API endpoint to retrieve another user's data. Because the flaw only grants read access and there are no known privilege escalation steps, the impact is limited to confidentiality leakage, not a broader system compromise.

Generated by OpenCVE AI on April 2, 2026 at 03:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open WebUI to version 0.8.6 or later.
  • If an upgrade is not immediately possible, restrict access to the /api/v1/retrieval/query/collection endpoint or enforce stricter role-based access controls to prevent unauthorized reads.
  • Verify that the latest release has the IDOR fix applied and test access controls to ensure only the intended user can view private memories.

Advisories

Source: GitHub GHSA
ID: GHSA-w9f8-gxf9-rhvw
Title: Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories
History

Wed, 01 Apr 2026 23:45:00 +0000

Type: First Time appeared
Values added: Openwebui; Openwebui open Webui

Type: CPEs
Values added: cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values added: Openwebui; Openwebui open Webui

Fri, 27 Mar 2026 20:15:00 +0000

Type: Metrics
Values added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 08:45:00 +0000

Type: First Time appeared
Values added: Open-webui; Open-webui open-webui

Type: Vendors & Products
Values added: Open-webui; Open-webui open-webui

Fri, 27 Mar 2026 04:00:00 +0000

Type: Description
Values added: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via `/api/v1/retrieval/query/collection`. Version 0.8.6 patches the issue.

Type: Title
Values added: Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories

Type: Weaknesses
Values added: CWE-639

Type: References

Type: Metrics
Values added: cvssV3_1
{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N'}

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-27T20:06:33.347Z

Reserved: 2026-03-03T20:51:43.482Z

Link: CVE-2026-29071

Vulnrichment

Updated: 2026-03-27T20:06:28.818Z

NVD

Status: Analyzed

Published: 2026-03-27T00:16:22.983

Modified: 2026-04-01T16:09:53.443

Link: CVE-2026-29071

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T07:56:01Z

Weaknesses