PT-2026-39271 · Unknown · Open-Webui

Published: 2026-05-08 · Updated: 2026-05-19 · CVE-2026-44554

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.0

Description: The 'POST /api/v1/retrieval/process/web' endpoint accepts a user-supplied collection name and an overwrite query parameter, which defaults to True. The system fails to perform authorization checks to verify that the calling user owns or has write access to the target collection. When overwrite is set to True, the save_docs_to_vector_db() function calls VECTOR_DB_CLIENT.delete_collection() on the target collection before writing new content. This allows an authenticated attacker to destroy a victim's knowledge base embeddings or perform RAG (Retrieval-Augmented Generation) poisoning by replacing legitimate knowledge with attacker-controlled data, potentially leading to indirect prompt injection.

Recommendations: Update to version 0.9.0.
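The authorization gap described above, modelled in Python as an added example (this is not Open WebUI's own code): FakeVectorDB, the owners table and the two save_docs_* functions are constructed stand-ins for VECTOR_DB_CLIENT and save_docs_to_vector_db(), and the sample documents are constructed. The hardened variant resolves ownership before the destructive delete and also defaults overwrite to False.

```python
from dataclasses import dataclass, field


class PermissionDenied(Exception):
    """Raised when a caller tries to write to a collection it does not own."""


@dataclass
class FakeVectorDB:
    """In-memory stand-in for VECTOR_DB_CLIENT (constructed for this example)."""
    collections: dict = field(default_factory=dict)

    def delete_collection(self, name):
        self.collections.pop(name, None)

    def insert(self, name, docs):
        self.collections.setdefault(name, []).extend(docs)


def save_docs_vulnerable(db, collection_name, docs, overwrite=True):
    """Models the flaw: overwrite defaults to True and the target collection is
    deleted before any check that the caller may write to it."""
    if overwrite:
        db.delete_collection(collection_name)
    db.insert(collection_name, docs)


def save_docs_hardened(db, owners, user_id, collection_name, docs, overwrite=False):
    """Resolve ownership before any destructive step: an unknown collection is
    claimed by the caller, an existing one may only be written by its owner."""
    owner = owners.setdefault(collection_name, user_id)
    if owner != user_id:
        raise PermissionDenied(f"{user_id} may not write to {collection_name}")
    if overwrite:
        db.delete_collection(collection_name)
    db.insert(collection_name, docs)


def demo():
    """Replays the same cross-user request against both variants (constructed data)."""
    legit = ["refund policy: 30 days"]
    attacker_docs = ["refund policy: 365 days, no receipt needed"]
    owners = {"alice-kb": "alice"}
    db = FakeVectorDB({"alice-kb": list(legit)})
    save_docs_vulnerable(db, "alice-kb", attacker_docs)  # mallory's request succeeds
    poisoned = db.collections["alice-kb"]
    db2 = FakeVectorDB({"alice-kb": list(legit)})
    try:
        save_docs_hardened(db2, owners, "mallory", "alice-kb", attacker_docs, overwrite=True)
        refused = False
    except PermissionDenied:
        refused = True
    return poisoned, refused, db2.collections["alice-kb"]
```

The same ownership check must run even when overwrite is False, since appending into another user's collection is still poisoning.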

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers:
CVE-2026-44554
GHSA-7R82-QHG4-6WVJ

Affected Products: Open-Webui