CVE-2026-54019
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk20th percentile — higher than 20% of all known CVEs
Summary
Open WebUI is a self-hosted artificial intelligence platform that prior to version 0.9.6 added collection-level ACL checks. However, in Milvus multitenancy mode, these checks can be bypassed, leading to potential unauthorized access to resources.
Risk Assessment
Organizations may be exposed to unauthorized access to data, which could result in information leakage or data manipulation. Specifically, users may exploit improper collection names to gain access to resources that should be protected.
Recommendation
It is recommended to update Open WebUI to version 0.9.6 or later to patch this vulnerability. Additionally, conducting an audit of ACL configurations and monitoring access to collections in multitenancy mode is advisable.
Original NVD description (English source)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-level ACL checks, but the patch can still be bypassed when Milvus multitenancy mode is enabled. The ACL allows unknown non-KB collection names as legacy/ephemeral collections. In Milvus multitenancy mode, that user-controlled collection name becomes a resource_id and is interpolated into a Milvus expression without escaping. This is caused by an incomplete fix for CVE-2026-44560 This vulnerability is fixed in 0.9.6.

