PT-2026-41193 · Unknown · Open-Webui
Published 2026-05-14 · Updated 2026-05-19
CVE-2026-45398
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Open WebUI versions prior to 0.8.12
Description
An Insecure Direct Object Reference (IDOR) exists in the retrieval API due to insufficient validation in the validate_collection_access() function. While the function checks specific prefixes for user memory and files, it fails to validate knowledge base collections that use raw UUIDs. This allows any authenticated user who knows a private knowledge base UUID to bypass access controls. Technical details include:
- API Endpoints: Read access is possible via 'POST /api/v1/retrieval/query/doc' and 'POST /api/v1/retrieval/query/collection'. Write access, which allows injecting or overwriting content, is possible via 'POST /api/v1/retrieval/process/text', 'POST /api/v1/retrieval/process/file', 'POST /api/v1/retrieval/process/files/batch', 'POST /api/v1/retrieval/process/web', and 'POST /api/v1/retrieval/process/youtube'.
- Vulnerable Parameters: The collection_name and collection_names variables are used to target specific knowledge bases without proper ownership verification.
Recommendations
Update to a version where validate_collection_access() is modified to include a permission parameter and perform ownership or access checks for knowledge base UUIDs.
Ensure all affected write endpoints call validate_collection_access() with permission="write" before processing the collection name.
Tags: Exploit · Fix · IDOR
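As an added illustration of the recommended fix (not Open WebUI's own code), the sketch below shows a validate_collection_access() that takes a permission parameter and resolves raw knowledge base UUIDs to an owner and access list before allowing the call. The memory and file prefixes, the in-memory knowledge-base table and its access_control layout are hypothetical, and the sample data is constructed.

```python
import re
from dataclasses import dataclass, field

# Hypothetical prefixes for the collections the pre-fix check already scoped;
# the raw-UUID branch below is what the fix adds.
MEMORY_PREFIX = "user-memory-"
FILE_PREFIX = "file-"
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

@dataclass
class KnowledgeBase:
    user_id: str                                          # owner
    access_control: dict = field(default_factory=dict)    # {"read": [ids], "write": [ids]} (hypothetical)

class AccessDenied(Exception):
    pass

# Constructed sample data: alice owns a private knowledge base that bob may
# only read, and owns one file collection.
KB_ID = "a1b2c3d4-0000-4000-8000-000000000001"
KNOWLEDGE = {KB_ID: KnowledgeBase("alice", {"read": ["bob"], "write": []})}
FILE_OWNERS = {"file-f1": "alice"}

def validate_collection_access(user_id, collection_name, permission="read"):
    """Raise AccessDenied unless user_id holds `permission`; every branch returns or raises."""
    if collection_name.startswith(MEMORY_PREFIX):
        if collection_name != f"{MEMORY_PREFIX}{user_id}":
            raise AccessDenied(collection_name)
        return
    if collection_name.startswith(FILE_PREFIX):
        if FILE_OWNERS.get(collection_name) != user_id:
            raise AccessDenied(collection_name)
        return
    if UUID_RE.match(collection_name):
        kb = KNOWLEDGE.get(collection_name)
        # Unknown and forbidden ids are answered identically (no UUID probing);
        # the owner holds every permission, others need an explicit grant.
        if kb is None or (kb.user_id != user_id
                          and user_id not in kb.access_control.get(permission, [])):
            raise AccessDenied(collection_name)
        return
    raise AccessDenied(collection_name)   # unrecognised naming scheme: fail closed

def can_access(user_id, collection_name, permission="read"):
    # Boolean wrapper; batch endpoints should run this over every collection_names entry.
    try:
        validate_collection_access(user_id, collection_name, permission)
        return True
    except AccessDenied:
        return False
```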
Affected Products: Open-Webui