PT-2026-28386 · Unknown · Open-Webui

Mariuszmaik · Published: 2026-03-26 · Updated: 2026-03-27

CVE-2026-29071 · CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.8.6
Description: Open WebUI is a self-hosted artificial intelligence platform designed for offline operation. Any authenticated user can read private memories and files belonging to other users, because the /api/v1/retrieval/query/collection API endpoint performs no authorization check on the collections it queries. The query_collection handler in backend/open_webui/routers/retrieval.py accepts a collection_names parameter and never verifies that the caller owns the requested collections: the user object obtained through Depends(get_verified_user) only confirms that the caller is authenticated, not that they are authorized. Collection names follow fixed patterns, file-{FILE_UUID} for uploaded files and user-memory-{USER_UUID} for a user's memories, and the user information needed to build them (UUIDs, emails, names and roles) can be enumerated through the /api/v1/users/search endpoint. The result is unauthorized access to other users' data: personal memories (when the Memory feature is enabled) and the full content and metadata of uploaded files.
Recommendations: For versions prior to 0.8.6, implement ownership validation in the /api/v1/retrieval/query/collection handler so that users can only query collections they own or have permission to view, and restrict the /api/v1/users/search endpoint to administrators or limit the information it returns to non-privileged users.
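As an added illustration of the recommended ownership check (not code from the Open WebUI project), the following stand-alone Python gate covers the two collection naming patterns the advisory names and fails closed for anything else. The User class, the in-memory FILE_OWNERS map and the sample UUIDs are constructed assumptions standing in for the project's user object and files table.

```python
import re
from dataclasses import dataclass

# Collection names the advisory describes: file-{FILE_UUID} for uploaded
# files and user-memory-{USER_UUID} for a user's memories.
_UUID = r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
FILE_RE = re.compile(rf"^file-({_UUID})$")
MEMORY_RE = re.compile(rf"^user-memory-({_UUID})$")


@dataclass(frozen=True)
class User:  # hypothetical stand-in for what get_verified_user returns
    id: str
    role: str  # "admin" or "user"


# Constructed sample data standing in for the files table (file id -> owner id).
ALICE = User("11111111-1111-4111-8111-111111111111", "user")
BOB = User("22222222-2222-4222-8222-222222222222", "user")
ADMIN = User("33333333-3333-4333-8333-333333333333", "admin")
FILE_OWNERS = {
    "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa": ALICE.id,
    "bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb": BOB.id,
}


def collection_allowed(user: User, name: str, file_owners: dict) -> bool:
    """True only if `user` may query the collection called `name`.
    Authentication (what get_verified_user proves) is not enough; this is
    the ownership check the vulnerable handler lacked."""
    if user.role == "admin":
        return True
    m = FILE_RE.fullmatch(name)
    if m:  # unknown file ids and files owned by someone else both fail
        return file_owners.get(m.group(1).lower()) == user.id
    m = MEMORY_RE.fullmatch(name)
    if m:
        return m.group(1).lower() == user.id
    return False  # any other naming scheme: fail closed, do not fall through


def denied_collections(user: User, names: list, file_owners: dict) -> list:
    """Requested names that `user` is not allowed to query."""
    return [n for n in names if not collection_allowed(user, n, file_owners)]


def authorize_collections(user: User, names: list, file_owners: dict) -> list:
    """Gate for the query/collection handler: refuse the whole request if any
    requested collection is not the caller's, instead of querying it."""
    if denied_collections(user, names, file_owners):
        raise PermissionError("not authorized for one or more collections")
    return list(names)
```

In a FastAPI handler this gate would run on the submitted collection_names before any vector-store query is issued, with PermissionError mapped to a 403 response.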

IDOR

Weakness Enumeration

Related Identifiers

CVE-2026-29071
GHSA-W9F8-GXF9-RHVW

Affected Products

Open-Webui