Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing permission check in all files related API endpoints allows any authenticated user to list, access and delete every file uploaded by every user to the platform. This vulnerability is fixed in 0.3.16.
Published: 2026-05-15
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Open WebUI contains a missing permission check in all files API endpoints. An authenticated user can list, read, and delete every file uploaded by any user, effectively bypassing ownership controls. This allows the attacker to exfiltrate confidential data, modify or erase evidence, and disrupt services.

Affected Systems

Open WebUI, a self-hosted AI platform that can be run offline, is affected. All releases prior to 0.3.16 are vulnerable. The vulnerability impacts any deployment where the files API is exposed, including internal private cloud and on-premises setups.

Risk and Exploitability

The CVSS score of 8.1 indicates high severity. An authenticated user can list, access, and delete any uploaded file, effectively bypassing ownership controls. The CVE description does not explicitly state the attack vector, but from it one infers that an attacker needs valid credentials and can then exploit the flaw remotely over the network. EPSS is not available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting no known widespread exploitation yet; the lack of a permission check nonetheless makes the flaw trivially exploitable once credentials are obtained.

Generated by OpenCVE AI on May 15, 2026 at 22:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open WebUI to version 0.3.16 or later to apply the vendor fix for the missing permission check.
  • Restrict or disable the files API for non-administrative users until the upgrade is performed, ensuring only authorized roles can list, view, or delete files.
  • Audit file access logs for signs of unauthorized enumeration or deletion and investigate any anomalies.
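The control whose absence this advisory describes is a per-object authorization check on file endpoints: being logged in is not the same as being allowed to touch a particular file. The following is an added illustration of that check, not Open WebUI's code; the `User`/`StoredFile` types, the in-memory store, the owner-or-admin rule and the sample data are all constructed assumptions. It places the unchecked pattern (login only) next to the corrected pattern (login plus ownership check) so that the difference in what each caller can list, read and delete is visible.

```python
"""Per-file ownership check on file endpoints (illustration, not project code).

Assumptions (not from the advisory): a two-role model ("user"/"admin"), an
in-memory store keyed by file id, and owner-or-admin as the access rule.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: str
    role: str  # assumed role model: "user" or "admin"


@dataclass
class StoredFile:
    id: str
    owner_id: str
    name: str
    data: bytes


class FileStore:
    def __init__(self) -> None:
        self._files: dict[str, StoredFile] = {}

    def add(self, f: StoredFile) -> None:
        self._files[f.id] = f

    # --- Pattern the advisory describes: endpoints require only a login ---
    # Every caller gets every user's files; nothing ties the file to the caller.
    def list_files_unchecked(self, caller: User) -> list[str]:
        return sorted(self._files)

    def get_file_unchecked(self, caller: User, file_id: str) -> bytes:
        return self._files[file_id].data

    def delete_file_unchecked(self, caller: User, file_id: str) -> None:
        del self._files[file_id]

    # --- Corrected pattern: authenticate, then authorise per object ---
    def _authorize(self, caller: User, file_id: str) -> StoredFile:
        f = self._files.get(file_id)
        if f is None or not (f.owner_id == caller.id or caller.role == "admin"):
            # One response for "does not exist" and "not yours", so an
            # authenticated user cannot probe which ids belong to others.
            raise PermissionError("file not found")
        return f

    def list_files(self, caller: User) -> list[str]:
        if caller.role == "admin":
            return sorted(self._files)
        return sorted(fid for fid, f in self._files.items() if f.owner_id == caller.id)

    def get_file(self, caller: User, file_id: str) -> bytes:
        return self._authorize(caller, file_id).data

    def delete_file(self, caller: User, file_id: str) -> None:
        self._authorize(caller, file_id)
        del self._files[file_id]


def denied(fn, *args) -> bool:
    """True if the call was refused by the ownership check."""
    try:
        fn(*args)
    except PermissionError:
        return True
    return False


def demo_store() -> FileStore:
    """Constructed sample data: two users, one file each."""
    store = FileStore()
    store.add(StoredFile("f1", "alice", "alice-notes.txt", b"alice secret"))
    store.add(StoredFile("f2", "bob", "bob-notes.txt", b"bob secret"))
    return store


if __name__ == "__main__":
    store = demo_store()
    alice, bob, admin = User("alice", "user"), User("bob", "user"), User("root", "admin")
    print("unchecked list as bob:", store.list_files_unchecked(bob))  # both files
    print("checked list as bob:  ", store.list_files(bob))            # only f2
    print("bob reads f1 (checked) denied:", denied(store.get_file, bob, "f1"))
    print("admin reads f1:", store.get_file(admin, "f1"))
```

The design point is in `_authorize`: the check runs on every object-level operation (read and delete alike), the admin exception is explicit rather than implied, and a refused request is indistinguishable from a missing file, which keeps the file-id space from being enumerable by other authenticated users.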


Advisories

Source: GitHub GHSA
ID: GHSA-r8wh-8m7r-fh33
Title: Open WebUI: Missing permission check in files API allows authenticated users to list, access and delete every uploaded file
History

Fri, 15 May 2026 22:45:00 +0000

Values Removed: none
Values Added:
  First Time appeared: Open-webui; Open-webui open-webui
  Vendors & Products: Open-webui; Open-webui open-webui

Fri, 15 May 2026 21:30:00 +0000

Values Removed: none
Values Added:
  Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing permission check in all files related API endpoints allows any authenticated user to list, access and delete every file uploaded by every user to the platform. This vulnerability is fixed in 0.3.16.
  Title: Open WebUI: Missing permission check in files API allows authenticated users to list, access and delete every uploaded file
  Weaknesses: CWE-284
  References: (blank)
  Metrics: cvssV3_1 {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T21:19:46.004Z

Reserved: 2026-05-11T20:14:43.202Z

Link: CVE-2026-45301

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-15T22:16:53.837

Modified: 2026-05-15T22:16:53.837

Link: CVE-2026-45301

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T23:00:14Z

Weaknesses