Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, GET /api/v1/retrieval/ returns live RAG pipeline configuration to any unauthenticated HTTP client. No Authorization header, cookie, or API key is required. Every adjacent endpoint on the same router (/embedding, /config) is correctly guarded by get_admin_user making this a targeted omission. This vulnerability is fixed in 0.9.5.
Published: 2026-05-15
Score: 5.3 Medium
EPSS: 1.1% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Open WebUI platform, an offline AI service. In versions before 0.9.5, sending a GET request to /api/v1/retrieval/ returns the live Retrieval Augmented Generation pipeline configuration to any HTTP client without needing a token or authentication header. The endpoint is protected by the usual get_admin_user logic only on neighboring routes, so the omission allows unauthenticated disclosure of internal configuration data. This represents a moderate severity disclosure of potentially sensitive system settings, which an attacker could leverage to understand the system internals or plan subsequent attacks. The weakness is identified as CWE‑306, an authentication bypass.

Affected Systems

Affected systems are installations of Open WebUI version 0.9.4 and earlier. The vulnerability is confirmed in the open-webui product as distributed by the open-webui authors. The configuration endpoint remains accessible to anyone who can reach the deployment network point of entry, regardless of authentication enforcement on other endpoints.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate impact. The EPSS score is 1%, and the vulnerability is not listed in CISA KEV, suggesting lower exploitation likelihood in the current threat landscape. However, because the attacker only needs to send an unauthenticated HTTP GET request, the attack vector is straightforward and can be executed without special credentials. If the service is exposed to the internet or an untrusted network segment, the risk of accidental disclosure is significant.

Generated by OpenCVE AI on June 4, 2026 at 14:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open WebUI to version 0.9.5 or newer to eliminate the unauthenticated /api/v1/retrieval/ endpoint.
  • If an immediate upgrade is not possible, restrict network access to the endpoint by firewalling or placing the service behind authentication proxy.
  • Verify that all administrative endpoints are guarded with proper authentication and that no other APIs inadvertently expose sensitive configuration.

Generated by OpenCVE AI on June 4, 2026 at 14:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-65pg-qhhw-mxwg Open WebUI Vulnerable to Unauthenticated RAG Configuration Disclosure
History

Tue, 19 May 2026 12:30:00 +0000

Type Values Removed Values Added
First Time appeared Openwebui
Openwebui open Webui
CPEs cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*
Vendors & Products Openwebui
Openwebui open Webui

Mon, 18 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 15 May 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Open-webui
Open-webui open-webui
Vendors & Products Open-webui
Open-webui open-webui

Fri, 15 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, GET /api/v1/retrieval/ returns live RAG pipeline configuration to any unauthenticated HTTP client. No Authorization header, cookie, or API key is required. Every adjacent endpoint on the same router (/embedding, /config) is correctly guarded by get_admin_user making this a targeted omission. This vulnerability is fixed in 0.9.5.
Title Open WebUI: Unauthenticated RAG Configuration Disclosure
Weaknesses CWE-306
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Open-webui Open-webui
Openwebui Open Webui
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-18T14:34:37.463Z

Reserved: 2026-05-12T01:48:40.451Z

Link: CVE-2026-45397

cve-icon Vulnrichment

Updated: 2026-05-18T14:34:30.782Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-15T21:16:37.730

Modified: 2026-05-19T12:19:29.437

Link: CVE-2026-45397

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-04T14:45:16Z

Weaknesses