CVE-2026-54010
HighCVSS 8.3Exploitation Probability (EPSS)
Low risk14th percentile — higher than 14% of all known CVEs
Summary
Open WebUI is an artificial intelligence platform that, prior to version 0.9.6, allowed authenticated users to attach arbitrary file_id values to their chat messages without verifying ownership. This enables attackers to access victim files by sharing the chat.
Risk Assessment
Organizations may be exposed to unauthorized access to sensitive files, potentially leading to data leaks or unauthorized deletions.
Recommendation
It is recommended to update Open WebUI to version 0.9.6 or later to mitigate this vulnerability.
Original NVD description (English source)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets an authenticated user attach arbitrary file_id values to their own chat message without checking whether they own or can read those files. If the attacker then shares that chat and grants themselves read access, has_access_to_file() treats the victim file as accessible through the shared chat, and the file endpoints read or delete the victim file. This vulnerability is fixed in 0.9.6.

