Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, when attaching files to a prompt, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows users to upload files with names containing dot-segments in the file path and traverse out of the intended uploads directory. Effectively, users can upload files anywhere on the filesystem the user running the web server has permission. This vulnerability is fixed in 0.1.124.
Published: 2026-05-15
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from Open WebUI accepting uploaded files without validating the file name, allowing dot‑segments to designate out‑of‑directory paths. This permits attackers to write files anywhere the web‑server process can access, effectively overwriting critical configuration files or placing executable code. It is a combination of a path‑traversal flaw (CWE‑22) and unchecked file‑upload (CWE‑434), enabling significant compromise of confidentiality, integrity, and potentially availability.

Affected Systems

Installations of the Open WebUI platform from the open‑webui:open-webui product line that are running a version older than 0.1.124 remain affected. The flaw was fixed in release 0.1.124, so any deployment that has not yet upgraded continues to be vulnerable and should be verified against the latest release notes.

Risk and Exploitability

The CVSS score of 7.3 indicates high severity. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting it has not yet been widely exploited. However, because the flaw is reachable through the public web interface, anyone capable of accessing the UI can trigger it, giving attackers broad opportunities to alter system configuration or introduce malicious code. The potential for wide impact makes the risk significant for exposed or publicly reachable deployments.

Generated by OpenCVE AI on May 15, 2026 at 22:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open WebUI to version 0.1.124 or later.
  • Restrict or disable the file‑upload feature until a patch is applied.
  • Run the web server with the least privileges necessary and monitor for unauthorized file creation.
  • Validate and sanitize uploaded file names to remove path segments or restrict to a safe directory.
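As an added illustration of the last recommended action (example code, not Open WebUI's or OpenCVE's), the vulnerable join of a client-supplied name is shown beside a hardened version that keeps only the final path component, rejects names that are not plain file names, and confirms the resolved path still lies inside the uploads directory. DEMO_UPLOAD_DIR and the sample names are constructed for the demo.

```python
import os
import re
import tempfile

# Constructed demo directory; a real deployment uses its configured uploads dir.
DEMO_UPLOAD_DIR = os.path.realpath(os.path.join(tempfile.gettempdir(), "uploads-example"))

# A plain file name: no separators, no leading dot, no control characters, bounded length.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._ -]{0,254}")


def unsafe_target(upload_dir: str, client_name: str) -> str:
    """The vulnerable pattern: the name from the HTTP upload is joined as-is,
    so dot-segments in it walk out of upload_dir (what the advisory describes)."""
    return os.path.join(upload_dir, client_name)


def escapes(upload_dir: str, client_name: str) -> bool:
    """Report whether the unsafe pattern would write outside upload_dir."""
    root = os.path.realpath(upload_dir)
    target = os.path.realpath(unsafe_target(upload_dir, client_name))
    return not (target == root or target.startswith(root + os.sep))


def sanitize_name(client_name: str) -> str:
    """Drop every path segment but the last, then reject anything that is not
    a plain file name (empty, '.', '..', hidden files, odd characters)."""
    base = os.path.basename(client_name.replace("\\", "/"))
    if not _SAFE_NAME.fullmatch(base):
        raise ValueError(f"rejected upload name: {client_name!r}")
    return base


def safe_target(upload_dir: str, client_name: str) -> str:
    """Hardened form: sanitize, then re-check that the resolved path stays inside."""
    root = os.path.realpath(upload_dir)
    target = os.path.realpath(os.path.join(root, sanitize_name(client_name)))
    if not target.startswith(root + os.sep):  # defence in depth after sanitizing
        raise ValueError("resolved path escapes the upload directory")
    return target


def is_rejected(client_name: str) -> bool:
    """True if sanitize_name refuses the name."""
    try:
        sanitize_name(client_name)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    for name in ["notes.txt", "../../outside.txt", "..", ".env"]:  # constructed inputs
        print(f"{name!r}: unsafe join escapes={escapes(DEMO_UPLOAD_DIR, name)}, "
              f"rejected={is_rejected(name)}")
```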



Advisories
Source | ID | Title
Github GHSA | GHSA-9pgh-j74g-qj6m | Open WebUI Vulnerable to Arbitrary File Upload and Path Traversal
History

Fri, 15 May 2026 22:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | (none) | Open-webui; Open-webui open-webui
Vendors & Products | (none) | Open-webui; Open-webui open-webui

Fri, 15 May 2026 21:30:00 +0000

Type | Values Removed | Values Added
Description | (none) | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, when attaching files to a prompt, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows users to upload files with names containing dot-segments in the file path and traverse out of the intended uploads directory. Effectively, users can upload files anywhere on the filesystem the user running the web server has permission. This vulnerability is fixed in 0.1.124.
Title | (none) | Open WebUI: Arbitrary File Upload and Path Traversal
Weaknesses | (none) | CWE-22, CWE-434
References | (none) | (none)
Metrics | (none) | cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T21:01:32.318Z

Reserved: 2026-05-06T20:59:00.595Z

Link: CVE-2026-44566

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-15T22:16:52.920

Modified: 2026-05-15T22:16:52.920

Link: CVE-2026-44566

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T22:30:06Z

Weaknesses