CVE-2026-54015
MediumCVSS 6.4Exploitation Probability (EPSS)
Low risk6th percentile — higher than 6% of all known CVEs
Summary
Open WebUI prior to version 0.9.6 has a vulnerability that allows authenticated users to access the private prompt history of other users. The issues occur in the version history endpoints that do not verify if the history entry belongs to the correct prompt.
Risk Assessment
The organization may be exposed to unauthorized access to users' private data, potentially leading to privacy breaches and loss of trust in the system.
Recommendation
It is recommended to update Open WebUI to version 0.9.6 or later to eliminate this vulnerability and conduct an audit of user data access.
Original NVD description (English source)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI's prompt version-history endpoints authorize the prompt_id in the URL but then act on caller-supplied history IDs without verifying that the history row belongs to that prompt (history_entry.prompt_id == prompt.id). This affects /api/v1/prompts/id/{prompt_id}/history/diff, /api/v1/prompts/id/{prompt_id}/update/version, and /api/v1/prompts/id/{prompt_id}/history/{history_id}. An authenticated user with access to any prompt they control, plus a victim prompt_history.id, can read or delete another user's private prompt history. This vulnerability is fixed in 0.9.6.

