CVE-2026-54010 | THREATINT

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets an authenticated user attach arbitrary file_id values to their own chat message without checking whether they own or can read those files. If the attacker then shares that chat and grants themselves read access, has_access_to_file() treats the victim file as accessible through the shared chat, and the file endpoints read or delete the victim file. This vulnerability is fixed in 0.9.6.

PUBLISHED Reserved 2026-06-11 | Published 2026-06-23 | Updated 2026-06-24 | Assigner GitHub_M

HIGH: 8.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Problem types

CWE-284: Improper Access Control

CWE-639: Authorization Bypass Through User-Controlled Key

CWE-862: Missing Authorization

Product status

< 0.9.6

affected

References

github.com/...-webui/security/advisories/GHSA-vrhc-3fr6-pc3c exploit

github.com/...-webui/security/advisories/GHSA-vrhc-3fr6-pc3c

cve.org (CVE-2026-54010)

nvd.nist.gov (CVE-2026-54010)

Download JSON