CVE Catalog

CVE-2026-54022

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

In Open WebUI prior to version 0.8.11, there is a vulnerability that allows an attacker to bypass authorization checks when joining a document room. By manipulating the document identifier, the attacker can access the victim's private note contents.

Risk Assessment

Organizations may be exposed to the leakage of sensitive information, which can lead to breaches of user privacy and loss of trust in the system.

Recommendation

It is recommended to update Open WebUI to version 0.8.11 or later to eliminate this vulnerability and implement additional security mechanisms for document access.

Original NVD description (English source)

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the ydoc:document:join Socket.IO handler checks note ownership only when the document_id starts with note: (colon). However, the YdocManager storage layer normalizes all document IDs by replacing colons with underscores (document_id.replace(":", "_")). An attacker can join a document room using note_<id> (underscore) instead of note:<id> (colon), bypassing the authorization check entirely while accessing the same underlying Yjs document. The server then returns the full document state, leaking the victim's private note contents. This vulnerability is fixed in 0.8.11.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS