Executive Summary

CVE-2026-29071 is an Insecure Direct Object Reference (IDOR) vulnerability in the Open WebUI platform versions up to 0.8.5. It allows any authenticated user to access private data of other users without proper authorization checks.

Specifically, the vulnerable endpoint `/api/v1/retrieval/query/collection` accepts requests to retrieve collections of data such as user files and private memories but does not verify if the requesting user owns or has permission to access those collections.

An attacker can enumerate all users and their UUIDs, emails, and roles via another endpoint, then use those UUIDs to query and retrieve private memories or files belonging to other users, including administrators.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to unauthorized disclosure of private data within the Open WebUI platform.

• Exposure of private files and personal memories of other users, including sensitive information used for AI personalization.
• User enumeration allowing attackers to gather UUIDs, emails, names, and roles of all users, including administrators.
• No administrative privileges are required to exploit this vulnerability; any authenticated user can perform the attack.

Overall, this leads to a breach of privacy and potential misuse of sensitive user data.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by testing whether an authenticated user can access other users' private data without proper authorization.

• Enumerate users by sending a GET request to the endpoint `/api/v1/users/search` to retrieve UUIDs, emails, and roles.
• Attempt to access private memories by sending a POST request to `/api/v1/retrieval/query/collection` with the JSON body containing `collection_names` set to `["user-memory-<target_user_UUID>"]`.
• Attempt to access private files by sending a POST request to `/api/v1/retrieval/query/collection` with `collection_names` set to `["file-<file_UUID>"]`.

These steps require authentication and the Memory experimental feature to be enabled for memory access.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability immediately, upgrade Open WebUI to version 0.8.6 or later where the issue is patched.

If upgrading is not immediately possible, restrict access to the `/api/v1/users/search` endpoint to admin users only or limit the information returned to non-privileged users.

Implement ownership validation in the `query_collection_handler` function to ensure users can only access their own private memories and files unless they have admin privileges.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability allows any authenticated user to access other users' private data, including personal memories and files, without proper authorization. Such unauthorized exposure of personal and sensitive data can lead to violations of privacy regulations like GDPR and HIPAA, which mandate strict controls over access to personal and health-related information.

Specifically, the leakage of private memories used for personalization and user files can be considered a breach of confidentiality requirements under these standards. The ability to enumerate users and access their private data without admin privileges increases the risk of non-compliance with data protection laws that require limiting data access to authorized personnel only.

Useful 0 Not Useful 0