Impact
Open WebUI allows an attacker to write or delete arbitrary files through a path traversal vulnerability that is triggered when uploading an audio file. The file name is taken directly from the HTTP request without validation or sanitization, enabling a malicious user to embed dot segments in the file path and navigate outside the intended uploads directory. This flaw can be exploited to create or overwrite files anywhere on the file system that the web server process can write to, potentially compromising confidentiality, integrity, or availability. The weakness is a classic pathname traversal flaw classified as CWE-22.
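To make the mechanism concrete, the following is an added example written for this page, not Open WebUI's own code: it shows the unsafe join that lets a client-controlled file name walk out of the uploads directory, next to a hardened variant that rejects directory components and verifies containment after resolving the path. The directory name and the function names are assumptions made for the illustration.

```python
# Added illustration of the CWE-22 pattern described above and a hardened variant.
# NOT Open WebUI's code; UPLOAD_DIR and the function names are assumptions.
from pathlib import Path

UPLOAD_DIR = Path("/var/app/uploads")  # assumed base directory for stored audio files


def unsafe_target_path(filename: str, base: Path = UPLOAD_DIR) -> Path:
    """The vulnerable pattern: the client-supplied name is joined onto the base
    directory with no validation, so ".." segments (and absolute names, which
    pathlib lets replace the base entirely) escape the uploads directory."""
    return (base / filename).resolve()


def is_inside(candidate: Path, base: Path) -> bool:
    """True if the resolved candidate lives under the resolved base directory."""
    base_r = base.resolve()
    cand_r = candidate.resolve()
    return cand_r == base_r or base_r in cand_r.parents


def safe_target_path(filename: str, base: Path = UPLOAD_DIR) -> Path:
    """Hardened variant: accept only a bare file name, then verify containment.

    Raises ValueError for anything that is not a plain name stored directly
    inside base. Rejecting (rather than silently stripping directory parts)
    makes traversal attempts visible in application logs.
    """
    # Control characters and embedded NULs can truncate or mangle the name at
    # the OS layer, so they are refused outright.
    if any(ord(c) < 0x20 or c == "\x7f" for c in filename):
        raise ValueError("control character in file name")
    # The server, not the client, decides where the file lives: any directory
    # component is refused. Both separator styles are checked because clients
    # may send Windows-style paths.
    if "/" in filename or "\\" in filename:
        raise ValueError("path separator in file name")
    if filename in ("", ".", ".."):
        raise ValueError("invalid file name")
    candidate = (base / filename).resolve()
    # Belt and braces: even after the checks above, confirm the resolved path
    # is a direct child of base. This also catches symlink surprises and any
    # future regression in the checks.
    if not is_inside(candidate, base) or candidate.parent != base.resolve():
        raise ValueError("file name escapes upload directory")
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs: a benign name and a traversal attempt.
    for name in ("voice.wav", "../../../etc/constructed_marker"):
        print(f"{name!r}: unsafe -> {unsafe_target_path(name)}")
        try:
            print(f"{name!r}: safe   -> {safe_target_path(name)}")
        except ValueError as exc:
            print(f"{name!r}: safe   -> rejected ({exc})")
```

The containment check is deliberately kept even though the separator check alone would block the traversal shown here; resolving the candidate and comparing its parent to the base directory is the test that stays correct if the input validation is later loosened.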
Affected Systems
The vendor is open-webui and the affected product is the self-hosted AI platform itself. Versions prior to 0.6.10 are impacted, including all 0.5.x releases and 0.6.0 through 0.6.9. The issue is resolved in 0.6.10 and later releases.
Risk and Exploitability
The CVSS score for this vulnerability is 8.1, indicating high severity. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, which suggests that exploitation data is sparse or not public. The attack vector is inferred to be the web upload interface: an attacker who can submit an audio file, whether through a user account or through a publicly reachable upload endpoint, can trigger the flaw. Exploitation needs nothing beyond the file system write permissions already granted to the web server user, so no additional privilege is required once the web server can be reached.
OpenCVE Enrichment
GitHub GHSA