Vulnerability Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, _validate_collection_access() checks the user-memory-* and file-* collection name prefixes but does not check knowledge base collections, which use raw UUIDs as collection names. Any authenticated user who knows a private knowledge base UUID can read its content through the retrieval query endpoints, even though the knowledge API correctly denies that user access. The same gap affects the retrieval write endpoints (/process/text, /process/file, /process/files/batch, /process/web, /process/youtube), allowing an attacker to inject content into or overwrite another user's knowledge base. This vulnerability is fixed in 0.9.5.
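The gap described above is a classic allow-list-by-shape mistake: the check recognises two name prefixes and lets everything else through, so a collection named by a bare UUID is never tied back to the knowledge base that owns it. The block below is an added illustration, not Open WebUI's code: it places a prefix-only validator beside a default-deny one that resolves UUID-named collections to an owner and sharing list, and routes both a read path and a write path through the same guard. Every identifier, fixture ID and data value in it is constructed for the example.

```python
"""Added example (not Open WebUI's code): a prefix-only collection access
check beside a default-deny version that also resolves UUID-named
knowledge-base collections to their owner. All names and data below are
constructed for illustration."""
import uuid
from dataclasses import dataclass, field


@dataclass
class KnowledgeBase:
    """Constructed stand-in for a knowledge base whose vector collection
    is named by its raw UUID (the case the prefix-only check misses)."""
    id: str
    owner_id: str
    shared_with: set = field(default_factory=set)


# Constructed fixtures: assumed user names and IDs, not real data.
KB_ALICE = KnowledgeBase(id="4f1c9b4e-2d8e-4e1a-9a3c-7b6f2a0d1e55", owner_id="alice")
KB_SHARED = KnowledgeBase(id="0a9d7c3e-1b2f-4c5d-8e6f-a1b2c3d4e5f6",
                          owner_id="bob", shared_with={"carol"})
KNOWLEDGE_BASES = {kb.id: kb for kb in (KB_ALICE, KB_SHARED)}
FILES = {"file-1001": "alice", "file-1002": "bob"}  # file-<id> -> owner
STORE = {}  # collection name -> list of stored text chunks


def _is_uuid(name: str) -> bool:
    """True when the collection name parses as a UUID."""
    try:
        uuid.UUID(name)
        return True
    except ValueError:
        return False


def validate_collection_access_vulnerable(user_id: str, collection_name: str) -> bool:
    """Prefix-only check: covers user-memory-* and file-* but falls through
    for every other name, so a bare-UUID knowledge base is never checked."""
    if collection_name.startswith("user-memory-"):
        return collection_name == f"user-memory-{user_id}"
    if collection_name.startswith("file-"):
        return FILES.get(collection_name) == user_id
    return True  # the gap: any unrecognised name shape is allowed


def validate_collection_access_fixed(user_id: str, collection_name: str) -> bool:
    """Default-deny check: every name shape is classified, and a UUID is
    resolved to its knowledge base and tested against owner and sharing list."""
    if collection_name.startswith("user-memory-"):
        return collection_name == f"user-memory-{user_id}"
    if collection_name.startswith("file-"):
        return FILES.get(collection_name) == user_id
    if _is_uuid(collection_name):
        kb = KNOWLEDGE_BASES.get(collection_name)
        return kb is not None and (kb.owner_id == user_id or user_id in kb.shared_with)
    return False  # unknown shape: deny instead of falling through


def query_collection(user_id: str, collection_name: str, validator) -> list:
    """Read path, standing in for a retrieval query endpoint."""
    if not validator(user_id, collection_name):
        raise PermissionError(f"{user_id} may not read {collection_name}")
    return list(STORE.get(collection_name, []))


def process_text(user_id: str, collection_name: str, text: str, validator) -> int:
    """Write path, standing in for /process/text: the same guard runs before
    anything is stored, which closes the overwrite/injection side of the gap."""
    if not validator(user_id, collection_name):
        raise PermissionError(f"{user_id} may not write {collection_name}")
    STORE.setdefault(collection_name, []).append(text)
    return len(STORE[collection_name])


def demo() -> dict:
    """Run a non-owner's read and write against both validators and report
    which were allowed; returns a dict so the outcome can be checked."""
    STORE.clear()
    STORE[KB_ALICE.id] = ["constructed private note"]
    outcome = {}
    for label, validator in (("vulnerable", validate_collection_access_vulnerable),
                             ("fixed", validate_collection_access_fixed)):
        for op, call in (("read", lambda v: query_collection("dave", KB_ALICE.id, v)),
                         ("write", lambda v: process_text("dave", KB_ALICE.id, "x", v))):
            try:
                call(validator)
                outcome[f"{label}_{op}"] = "allowed"
            except PermissionError:
                outcome[f"{label}_{op}"] = "denied"
    return outcome


if __name__ == "__main__":
    print(demo())
```

The design point is the final `return False`: a validator that classifies every name shape it knows and denies the rest cannot be bypassed by a collection whose name simply does not match any prefix, and reusing the one validator on the write endpoints keeps the read and write decisions consistent.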
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openwebui | Open Webui | < 0.9.5 |
Related Weaknesses (CWE)
References
- https://github.com/open-webui/open-webui/pull/22109 (Issue Tracking, Patch)
- https://github.com/open-webui/open-webui/releases/tag/v0.9.5 (Release Notes)
- https://github.com/open-webui/open-webui/security/advisories/GHSA-4g37-7p2c-38r9 (Exploit, Mitigation, Vendor Advisory)
FAQ
What is CVE-2026-45398?
CVE-2026-45398 is a vulnerability with a CVSS score of 7.5 (HIGH). Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, _validate_collection_access() checks the user-memory-* and file-* collection name pre...
How severe is CVE-2026-45398?
CVE-2026-45398 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2026-45398?
Check the references section above for vendor advisories and patch information. Affected products include: Openwebui Open Webui.