PT-2026-39274 · Unknown · Open-Webui

Published: 2026-05-08 · Updated: 2026-05-16 · CVE-2026-44557

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.0

Description: The validate_collection_access() function employs an incomplete allowlist that only verifies ownership for collections whose names start with user-memory-* and file-*. Every other collection name, including the system-level knowledge-bases meta-collection, is not checked at all and falls through as allowed. As a result, any authenticated user can query the meta-collection through the retrieval query endpoints (for example 'POST /api/v1/retrieval/query/doc') by supplying its name in the collection_name parameter, and thereby obtain a global index of all knowledge bases across all users, including their IDs, names, and descriptions.

Recommendations: Update to version 0.9.0.
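The defect described above is a default-allow check: names outside the two allowlisted prefixes are never rejected. The following is an added illustration of that pattern beside a deny-by-default version; it is not Open WebUI's code, and the OWNERS table, the is_admin parameter and the function names are constructed for the example.

```python
import re

# Constructed sample data (hypothetical): collection name -> owner user id.
# None marks a system-level collection that no single user owns.
OWNERS = {
    "user-memory-alice": "alice",
    "file-abc123": "bob",
    "knowledge-bases": None,  # system-level meta-collection
}


def validate_collection_access_vulnerable(user_id: str, collection_name: str) -> bool:
    """Incomplete allowlist: ownership is checked only for two prefixes.
    Any other name (including 'knowledge-bases') is silently allowed."""
    if collection_name.startswith("user-memory-") or collection_name.startswith("file-"):
        return OWNERS.get(collection_name) == user_id
    return True  # default-allow: the defect the advisory describes


def validate_collection_access_fixed(user_id: str, collection_name: str,
                                     is_admin: bool = False) -> bool:
    """Deny by default: a name must match a known pattern AND pass that
    pattern's ownership check; unrecognised names are admin-only."""
    rules = [
        (re.compile(r"^user-memory-.+$"), lambda: OWNERS.get(collection_name) == user_id),
        (re.compile(r"^file-.+$"), lambda: OWNERS.get(collection_name) == user_id),
    ]
    for pattern, check in rules:
        if pattern.match(collection_name):
            return check()
    # Anything else, system meta-collections included, is not user data.
    return is_admin


if __name__ == "__main__":
    # A non-owner reaching the meta-collection: allowed by the vulnerable
    # check, refused by the deny-by-default one.
    print(validate_collection_access_vulnerable("mallory", "knowledge-bases"))  # True
    print(validate_collection_access_fixed("mallory", "knowledge-bases"))       # False
```

A useful review check is to grep every authorization helper for a bare `return True` after a chain of prefix tests; the safe shape ends in a deny.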

Fix

Weakness Enumeration

Missing Authorization

Incorrect Authorization

Information Disclosure

Related Identifiers

CVE-2026-44557
GHSA-6C2X-GCP3-GP73

Affected Products

Open-Webui