Unknown · Open-Webui · CVE-2026-29071
**Name of the Vulnerable Software and Affected Versions**
Open WebUI versions prior to 0.8.6
**Description**
Open WebUI is a self-hosted artificial intelligence platform designed for offline operation. In versions prior to 0.8.6, any authenticated user can read private memories and files belonging to other users, because the `/api/v1/retrieval/query/collection` API endpoint performs no authorization check on the collections it queries.

The handler `query_collection_handler` in `backend/open_webui/routers/retrieval.py` accepts a `collection_names` parameter without verifying that the caller owns the requested collections. The `user` variable it obtains through `Depends(get_verified_user)` confirms only that the caller is authenticated, not that the caller is authorized for those collections. File collections follow the pattern `file-{FILE_UUID}` and user memories use `user-memory-{USER_UUID}`; the UUIDs, emails, names and roles of other users can be enumerated through the `/api/v1/users/search` endpoint, which supplies the identifiers needed to build such collection names.

The result is unauthorized access to other users' data: personal memories (when the Memory feature is enabled) and the full content and metadata of uploaded files.
**Recommendations**
Versions prior to 0.8.6: Implement ownership validation in the handler for `/api/v1/retrieval/query/collection` so that users can only query collections they own or have permission to view.
Versions prior to 0.8.6: Restrict access to the `/api/v1/users/search` endpoint to administrators only, or limit the information returned to non-privileged users.
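As an added illustration that is not Open WebUI's code or its actual patch, the following Python places the authentication-only behaviour described above beside an ownership check for the two collection naming schemes and a role-restricted user search. The `User` and `FileRecord` models, the function names and the UUID values are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed stand-ins for user and file records (hypothetical, not Open WebUI's own models).
@dataclass(frozen=True)
class User:
    id: str
    name: str
    email: str
    role: str = "user"

@dataclass(frozen=True)
class FileRecord:
    id: str
    user_id: str

_UUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
FILE_COLLECTION = re.compile(rf"^file-(?P<uuid>{_UUID})$")
MEMORY_COLLECTION = re.compile(rf"^user-memory-(?P<uuid>{_UUID})$")

def collections_before_fix(user: User, collection_names: list[str]) -> list[str]:
    """Mirrors the flaw: being a verified user is enough, so any collection name passes."""
    if user is None:
        raise PermissionError("unauthenticated")
    return collection_names

def collections_with_ownership_check(user: User, collection_names: list[str],
                                     files: dict[str, FileRecord]) -> list[str]:
    """Authorization step the advisory calls for: each collection must belong to the caller."""
    for name in collection_names:
        if m := FILE_COLLECTION.match(name):
            record = files.get(m.group("uuid"))
            # Missing and foreign files get the same answer, so the check does not confirm existence.
            if record is None or record.user_id != user.id:
                raise PermissionError(f"not authorized for {name}")
        elif m := MEMORY_COLLECTION.match(name):
            if m.group("uuid") != user.id:
                raise PermissionError(f"not authorized for {name}")
        else:
            raise PermissionError(f"unrecognised collection {name}")  # deny by default
    return collection_names

def search_users_visible_to(caller: User, users: list[User]) -> list[dict]:
    """Second recommendation: full records for admins, display names only for everyone else."""
    if caller.role == "admin":
        return [{"id": u.id, "name": u.name, "email": u.email, "role": u.role} for u in users]
    return [{"name": u.name} for u in users]
```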