PT-2026-56879 · Openwebui · Open-Webui
Publicado
2026-07-09
·
Atualizado
2026-07-09
·
CVE-2026-59212
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, verify knowledge file access only checked read access while file write and delete routes later trusted object-derived access through writable model meta.knowledge entries, allowing a user with read-only knowledge file access to upgrade to file write or delete operations. This issue is fixed in version 0.10.0.
Correção
Incorrect Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Open-Webui