Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization controls surrounding the memories API were inconsistent, resulting in the ability of a standard user to delete, restore, and view the contents of other users' memories. Using a newly created non-admin user with no existing memories, it is possible to view existing memories via POST /api/v1/memories/query. Similarly, even if a non-admin user cannot modify another user's memory data via POST /api/v1/memories/{memory_id}/update, the endpoint's response improperly leaks the content of that memory if a valid memory_id is known. The DELETE /api/v1/memories/{memory_id} can also be used by any user to delete an existing memory. Deleted memories can then be restored by calling the POST /api/v1/memories/{memory_id}/update endpoint again. This vulnerability is fixed in 0.6.19.
Published: 2026-05-15
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Open WebUI is a self‑hosted AI platform. Prior to version 0.6.19 the memories API had inconsistent authorization checks, allowing a standard user to delete, restore, and view other users’ memories. The POST /api/v1/memories/query, POST /api/v1/memories/{memory_id}/update, and DELETE /api/v1/memories/{memory_id} endpoints exposed or modified data that the caller should not have accessed. This flaw permits an attacker to read, erase, and revive private memories, compromising data confidentiality, integrity, and availability. The weakness is a classic unauthorized access problem (CWE‑639).

Affected Systems

Any deployment of open‑webui that is older than version 0.6.19 is affected; the fix was applied in 0.6.19. No other vendors or product variants are reported.

Risk and Exploitability

The CVSS base score of 8.3 indicates high severity. The EPSS score is not published, so exploitation probability is uncertain, but the flaw is exploitable by anyone with network access to the memories API. It is not listed in the CISA KEV catalog. Attackers can abuse the vulnerable endpoints by sending crafted HTTP requests from internal or exposed network locations, using known memory identifiers or examining query results to retrieve or delete others’ memories.

Generated by OpenCVE AI on May 15, 2026 at 22:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Open WebUI to version 0.6.19 or later to apply the vendor patch that reinstates proper authorization for the memories API.
  • If an upgrade cannot be performed immediately, restrict access to the memories API endpoints by using firewall or reverse‑proxy rules so that only trusted administrators can reach them.
  • Configure role‑based access controls within Open WebUI so that only users with administrative privileges can invoke POST /api/v1/memories/*, DELETE /api/v1/memories/{memory_id}, and retrieve memory data.

Generated by OpenCVE AI on May 15, 2026 at 22:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-hmjq-crxp-7rjw Open WebUI has inconsistent authorization controls within memories API
History

Fri, 15 May 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Open-webui
Open-webui open-webui
Vendors & Products Open-webui
Open-webui open-webui

Fri, 15 May 2026 21:30:00 +0000

Type Values Removed Values Added
Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, authorization controls surrounding the memories API were inconsistent, resulting in the ability of a standard user to delete, restore, and view the contents of other users' memories. Using a newly created non-admin user with no existing memories, it is possible to view existing memories via POST /api/v1/memories/query. Similarly, even if a non-admin user cannot modify another user's memory data via POST /api/v1/memories/{memory_id}/update, the endpoint's response improperly leaks the content of that memory if a valid memory_id is known. The DELETE /api/v1/memories/{memory_id} can also be used by any user to delete an existing memory. Deleted memories can then be restored by calling the POST /api/v1/memories/{memory_id}/update endpoint again. This vulnerability is fixed in 0.6.19.
Title Open WebUI: Inconsistent authorization controls within memories API
Weaknesses CWE-639
References
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L'}

Subscriptions

Open-webui Open-webui
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T21:05:17.343Z

Reserved: 2026-05-06T20:59:00.596Z

Link: CVE-2026-44570

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-15T22:16:53.323

Modified: 2026-05-15T22:16:53.323

Link: CVE-2026-44570

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T23:00:14Z

Weaknesses