CVE-2026-29070
Improper Access Control in Open WebUI Allows Arbitrary File Deletion
Publication date: 2026-03-27
Last updated on: 2026-04-01
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openwebui | open_webui | < 0.8.6 (fixed in 0.8.6) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability lets any user who has write access to one knowledge base delete files that belong to other knowledge bases, provided they know the target file's ID. It does not expose file contents, so confidentiality is unaffected; the damage is to the integrity of the affected knowledge bases and, for the deleted files themselves, to their availability.
Because no personal data is disclosed, the direct effect on breach-notification duties under GDPR or HIPAA is limited. Both regimes do, however, require that personal or health data be protected against unauthorized alteration or destruction, not only against disclosure.
An unauthorized deletion of a file that holds regulated personal or health information is therefore a security incident in its own right, and an organization running an affected version may struggle to demonstrate the access controls those regimes expect.
In short, the vulnerability does not by itself cause a data breach in the confidentiality sense, but it undermines the integrity and access-control requirements that GDPR and HIPAA impose.
Can you explain this vulnerability to me?
CVE-2026-29070 is a moderate-severity authorization flaw (CWE-862) in Open WebUI affecting versions before 0.8.6. The knowledge-base file-removal endpoint takes the knowledge base ID from the URL and the file ID from the request body; before 0.8.6 it only checked that the caller is an admin or has write access to the knowledge base named in the URL, and never checked that the file actually belongs to that knowledge base.
So a user who has write access to any knowledge base (for example one they created themselves) and who knows the ID of a file stored in a different knowledge base can delete that file by sending the removal request against their own knowledge base ID with the foreign file ID in the body. Knowing the file ID is the only prerequisite beyond ordinary write access to some knowledge base.
Version 0.8.6 fixes this by validating that the referenced file is part of the knowledge base named in the request before deleting it.
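The following is an added illustration of the flaw and its fix, not Open WebUI's own code: it models the removal handler with in-memory dictionaries so the difference between the pre-0.8.6 check (write access to the knowledge base in the URL only) and the 0.8.6 check (write access plus file membership) can be run side by side. The names (KnowledgeBase, remove_file_vulnerable, remove_file_fixed, alice_file_survives) and the two-user fixture are assumptions made for the example.

```python
"""Modelled knowledge-base file removal: vulnerable vs. hardened check.

Added example, not Open WebUI's code. Names and data are assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class KnowledgeBase:
    id: str
    owner: str                                  # user who has write access
    files: set = field(default_factory=set)     # ids of the files that belong to it


class Forbidden(Exception):
    """Caller lacks write access to the knowledge base named in the URL."""


class NotFound(Exception):
    """The file is not part of the knowledge base named in the URL."""


def has_write_access(user: str, kb: KnowledgeBase) -> bool:
    # Owner or admin; sharing/group permissions are left out of the model.
    return user == "admin" or user == kb.owner


def remove_file_vulnerable(kbs, files, user, kb_id, file_id):
    """Modelled pre-0.8.6 behaviour: authorises against the knowledge base
    named in the URL, then deletes whichever file id the body names."""
    kb = kbs[kb_id]
    if not has_write_access(user, kb):
        raise Forbidden(f"{user} cannot write to {kb_id}")
    files.pop(file_id, None)      # file record gone, whichever KB owned it
    kb.files.discard(file_id)     # no-op when the file was never in this KB


def remove_file_fixed(kbs, files, user, kb_id, file_id):
    """Modelled 0.8.6 behaviour: same authorisation, plus a membership check."""
    kb = kbs[kb_id]
    if not has_write_access(user, kb):
        raise Forbidden(f"{user} cannot write to {kb_id}")
    if file_id not in kb.files:
        raise NotFound(f"{file_id} is not in knowledge base {kb_id}")
    kb.files.discard(file_id)
    files.pop(file_id, None)


def build_fixture():
    """Constructed state: Alice and Bob each own one knowledge base with one file."""
    kbs = {
        "kb-alice": KnowledgeBase("kb-alice", "alice", {"file-a"}),
        "kb-bob": KnowledgeBase("kb-bob", "bob", {"file-b"}),
    }
    files = {"file-a": b"alice's document", "file-b": b"bob's document"}
    return kbs, files


def alice_file_survives(handler):
    """Bob submits a removal against his own KB but names Alice's file id.
    Returns True when Alice's file record is still present afterwards."""
    kbs, files = build_fixture()
    try:
        handler(kbs, files, "bob", "kb-bob", "file-a")
    except (Forbidden, NotFound):
        pass
    return "file-a" in files


if __name__ == "__main__":
    print("vulnerable:", alice_file_survives(remove_file_vulnerable))  # False
    print("fixed:     ", alice_file_survives(remove_file_fixed))       # True
```

The point the model makes is that the authorization decision and the object being acted on are decoupled in the vulnerable handler: the check is performed on the knowledge base the caller chose, while the side effect lands on a file the caller also chose. The fix binds the two by refusing any file id that is not in the authorised knowledge base's own file list.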
How can this vulnerability impact me?
Any user with write access to at least one knowledge base on your instance can delete files from any other knowledge base, as long as they know (or can obtain) the target file's ID.
The impact is on data integrity and, for the deleted files, availability: files disappear from knowledge bases without authorization, and anything that relied on those files no longer has them. There is no loss of confidentiality, because the flaw does not expose file contents.
- Loss of files due to unauthorized deletion
- Compromise of data integrity within knowledge bases
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Exploitation goes through the knowledge-base file-removal endpoint: a POST to /{id}/file/remove on the knowledge router (mounted at /api/v1/knowledge in Open WebUI, so the full path is /api/v1/knowledge/{id}/file/remove) with a JSON body of the form {"file_id": "..."}.
A malicious request looks like a legitimate one at the HTTP level. What distinguishes it is that the file_id in the body does not belong to the knowledge base whose ID is in the URL, so detection means correlating each removal request (user, knowledge base ID, file ID) with the knowledge-base ownership data in the Open WebUI database. A plain reverse-proxy access log is not enough on its own, because it records the URL but not the request body.
In practice you need either application-level logging that captures request bodies, or a before/after comparison of each knowledge base's file list, and then check whether any removed file was removed through a different knowledge base's ID.
Examples of the commands involved:
- Reproducing the check on a test instance you own, using a knowledge base you have write access to and the ID of a file that belongs to a different knowledge base (an unpatched version deletes the foreign file; 0.8.6 or later rejects the request): curl -X POST https://your-open-webui-instance/api/v1/knowledge/{knowledge_base_id}/file/remove -H 'Authorization: Bearer <token>' -H 'Content-Type: application/json' -d '{"file_id": "<file_id_from_another_knowledge_base>"}'
- Listing removal requests in your reverse proxy's access log (the path is deployment-specific; Open WebUI itself writes its logs to standard output unless configured otherwise): grep '/file/remove' /path/to/access.log
- Packet capture with tcpdump or Wireshark only helps if you capture on the plaintext side of TLS (for example between the reverse proxy and the Open WebUI container); on the HTTPS side the URL and body are encrypted. Even then the capture only yields the requests; the ownership check still has to be done against the database.
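The correlation step described above, as an added example that is not part of the advisory or of Open WebUI: it reads JSON-per-line request records that include the user, path and body (the log format is an assumption; a proxy access log has no body, so such records would have to come from application-level logging), extracts the knowledge base ID from the URL and the file_id from the body, and flags every removal where the two do not agree with a file-ownership table. The log lines and the FILE_OWNER_KB table are constructed for the example; in a real deployment the table would be built from the knowledge base records in the Open WebUI database.

```python
"""Flag file removals whose file_id belongs to a different knowledge base.

Added example, not Open WebUI code. Log format, sample lines and the
ownership table are constructed assumptions.
"""
import json
import re

# Full path of the endpoint: the knowledge router is mounted at /api/v1/knowledge.
REMOVE_RE = re.compile(r"^/api/v1/knowledge/(?P<kb_id>[^/]+)/file/remove$")

# Constructed: which knowledge base each file id belongs to.
FILE_OWNER_KB = {
    "file-a": "kb-alice",
    "file-b": "kb-bob",
}

# Constructed request records, one JSON object per line (assumed format).
SAMPLE_LOG = """\
{"user": "alice", "method": "POST", "path": "/api/v1/knowledge/kb-alice/file/remove", "body": {"file_id": "file-a"}}
{"user": "bob", "method": "POST", "path": "/api/v1/knowledge/kb-bob/file/remove", "body": {"file_id": "file-a"}}
{"user": "bob", "method": "GET", "path": "/api/v1/knowledge/kb-bob", "body": null}
{"user": "bob", "method": "POST", "path": "/api/v1/knowledge/kb-bob/file/remove", "body": {"file_id": "file-b"}}
"""


def find_cross_kb_removals(log_text, file_owner_kb):
    """Return (user, url_kb, file_id, owning_kb) for every removal request
    whose file_id does not belong to the knowledge base named in the URL.

    owning_kb is None when the file id is unknown to the ownership table,
    which is also reported because it cannot be shown to be legitimate."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("method") != "POST":
            continue
        m = REMOVE_RE.match(ev.get("path", ""))
        if not m:
            continue
        file_id = (ev.get("body") or {}).get("file_id")
        if file_id is None:
            continue                      # malformed removal; not our concern here
        url_kb = m.group("kb_id")
        owning_kb = file_owner_kb.get(file_id)
        if owning_kb != url_kb:
            hits.append((ev.get("user"), url_kb, file_id, owning_kb))
    return hits


if __name__ == "__main__":
    for user, url_kb, file_id, owning_kb in find_cross_kb_removals(SAMPLE_LOG, FILE_OWNER_KB):
        print(f"user={user} removed {file_id} (owned by {owning_kb}) via knowledge base {url_kb}")
```

Only Bob's second request is reported: he removed file-a, which belongs to kb-alice, through his own kb-bob ID. Alice's removal of her own file and Bob's removal of his own file are legitimate and pass silently. If the ownership snapshot is taken after the deletions have already happened, the deleted files will be missing from the table and show up with owning_kb of None, so take the snapshot from a backup or from before the suspected window where you can.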
What immediate steps should I take to mitigate this vulnerability?
Upgrade Open WebUI to 0.8.6 or later; that release adds the missing check that the file belongs to the knowledge base named in the request before it is deleted.
Until you can upgrade, note that the attacker needs write access to some knowledge base, typically one they created themselves, so limit which users may create or edit knowledge bases to people you trust. File IDs are visible to anyone who can read a knowledge base, so do not rely on them being unguessable.
Also log and review file-removal requests (POST .../file/remove) so that unauthorized deletions can be detected, and keep backups of knowledge-base files so that deleted content can be restored.