CVE-2026-54010
Status: Undergoing Analysis - In Progress
Unauthorized File Access in Open WebUI

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: GitHub, Inc.

Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets an authenticated user attach arbitrary file_id values to their own chat message without checking whether they own or can read those files. If the attacker then shares that chat and grants themselves read access, has_access_to_file() treats the victim file as accessible through the shared chat, and the file endpoints read or delete the victim file. This vulnerability is fixed in 0.9.6.
Meta Information
Published: 2026-06-23
Last Modified: 2026-06-23
Generated: 2026-06-24
AI Q&A: 2026-06-23
EPSS Evaluated: N/A
Affected Vendors & Products (2 associated CPEs)
Vendor       Product      Version / Range
open_webui   open_webui   up to 0.9.6 (excluding)
open_webui   open_webui   0.9.6
CWE ID    Description
CWE-284   The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-862   The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
CWE-639   The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
AI Quick Actions (AI-generated)
Executive Summary

CVE-2026-54010 is a high-severity vulnerability in Open WebUI versions 0.9.5 and earlier that allows authenticated attackers to read and delete files belonging to other users.

The issue arises from improper access control in the chat-file linking mechanism. Attackers can attach arbitrary file IDs to their own chat messages without verifying ownership or read access.

When the attacker shares the chat and grants themselves read access, the system incorrectly authorizes file operations through the shared chat association, bypassing normal file authorization checks.

This allows attackers to read files via the GET /api/v1/files/{id}/content endpoint and delete files via DELETE /api/v1/files/{id}.

The vulnerability was fixed in version 0.9.6 by implementing file ownership validation before chat-file insertion and enforcing access type checks in the shared-chat authorization branch.
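The authorization flow described in the Description and the Executive Summary above, modelled in Python as an added illustration (not Open WebUI's code: only has_access_to_file() is a name taken from the advisory; the data model, the other function names and the shape of the fix are assumed). scenario(False) shows why the shared-chat branch authorized the foreign file before 0.9.6; scenario(True) shows both parts of the fix closing it.

```python
"""Model of the chat-file authorization flaw and its fix: an added illustration,
not Open WebUI's code. Only has_access_to_file() is a name from the advisory;
the data model and the other names are assumed."""
from dataclasses import dataclass, field

@dataclass
class Chat:
    owner: str
    file_ids: set = field(default_factory=set)
    shares: dict = field(default_factory=dict)  # user -> "read" | "write"

FILE_OWNERS = {"f-victim": "alice"}  # constructed sample: alice owns the file
CHATS: dict = {}

def attach_file(user, chat, file_id, validate_ownership):
    """Chat-file insertion. Before 0.9.6 any file_id was accepted without
    checking the user could read it; the fix validates ownership first."""
    if chat.owner != user:
        raise PermissionError("not the chat owner")
    if validate_ownership and FILE_OWNERS.get(file_id) != user:
        raise PermissionError("user does not own this file")
    chat.file_ids.add(file_id)

def has_access_to_file(user, file_id, access_type, enforce_access_type):
    """Owner always has access; otherwise the shared-chat branch applies.
    Before 0.9.6 that branch ignored the access type the share granted."""
    if FILE_OWNERS.get(file_id) == user:
        return True
    for chat in CHATS.values():
        if file_id in chat.file_ids and user in chat.shares:
            if not enforce_access_type:
                return True  # any share grants read and delete alike
            return chat.shares[user] == "write" or access_type == "read"
    return False

def scenario(patched):
    """Run the sequence from the advisory against unpatched or patched
    logic and report which steps succeed."""
    CHATS.clear()
    chat = CHATS.setdefault("c1", Chat(owner="mallory"))
    out = {"attached": True}
    try:
        attach_file("mallory", chat, "f-victim", validate_ownership=patched)
    except PermissionError:
        out["attached"] = False
    chat.shares["mallory"] = "read"  # share the chat with read access
    out["read"] = has_access_to_file("mallory", "f-victim", "read", patched)
    out["delete"] = has_access_to_file("mallory", "f-victim", "write", patched)
    return out
```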

Impact Analysis

This vulnerability can have a significant impact by allowing an authenticated attacker to read and delete files belonging to other users without proper authorization.

Such unauthorized access compromises the confidentiality and integrity of user data.

Because the attacker can delete files, availability is also affected, though to a lesser extent.

The CVSS score of 8.3 reflects a high impact on confidentiality and integrity with relatively low complexity and required privileges.

Detection Guidance

This vulnerability involves unauthorized file access through the Open WebUI chat-file linking mechanism, specifically via the GET and DELETE API endpoints for files.

To detect exploitation attempts on your system, monitor API requests to the following endpoints for suspicious activity:

  • GET /api/v1/files/{id}/content - attempts to read files
  • DELETE /api/v1/files/{id} - attempts to delete files

Look for authenticated users making requests with file IDs they do not own or have legitimate access to.

To find such activity, filter web server access logs or network monitoring output for these API calls. For example, using grep on server logs:

  • grep -i "/api/v1/files/" /path/to/access.log | grep -E "GET|DELETE"
  • Further filter by user identifiers or IP addresses to identify suspicious patterns.
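The log check suggested above, carried out in Python over constructed sample lines (an added example, not from the advisory). It assumes a reverse proxy writes the authenticated user in front of each request line and that file ownership and share records can be exported from the application database; the "further filter by user" step is the per-user count.

```python
import re

# Constructed sample lines, not real Open WebUI output. Assumed format:
# "<user> <method> <path> <status>", with the user written by the reverse proxy.
LOG_LINES = [
    "alice GET /api/v1/files/f-001/content 200",
    "carol GET /api/v1/files/f-001/content 200",
    "mallory GET /api/v1/files/f-001/content 200",
    "mallory DELETE /api/v1/files/f-001 200",
    "bob GET /api/v1/files/f-002/content 200",
    "mallory GET /api/v1/chats/list 200",
]
FILE_OWNERS = {"f-001": "alice", "f-002": "bob"}  # constructed, from the file table
LEGIT_SHARES = {("f-001", "carol")}                 # constructed (file_id, user) grants

# GET or DELETE on a file id, with or without the /content suffix.
FILE_RE = re.compile(
    r"^(?P<user>\S+) (?P<method>GET|DELETE) /api/v1/files/(?P<fid>[^/\s]+)"
    r"(?:/content)?(?:\s|$)"
)

def suspicious_file_requests(lines, owners, shares):
    """Return (user, method, file_id) for file reads/deletes where the user
    neither owns the file nor holds a recorded share; unknown ids are flagged."""
    hits = []
    for line in lines:
        m = FILE_RE.match(line)
        if not m:
            continue
        user, method, fid = m.group("user", "method", "fid")
        if owners.get(fid) == user or (fid, user) in shares:
            continue
        hits.append((user, method, fid))
    return hits

def counts_by_user(hits):
    """Aggregate flagged requests per user (the 'further filter' step above)."""
    counts = {}
    for user, _, _ in hits:
        counts[user] = counts.get(user, 0) + 1
    return counts
```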

Mitigation Strategies

The primary mitigation is to upgrade Open WebUI to version 0.9.6 or later, where the vulnerability has been fixed.

This update enforces file ownership validation before allowing chat-file associations and properly checks access types in shared chats.

Until the upgrade can be applied, consider restricting authenticated user permissions to prevent attaching arbitrary file IDs to chat messages and monitor for suspicious API usage as described.

Compliance Impact

This vulnerability allows authenticated attackers to read and delete files belonging to other users by bypassing normal file authorization checks. Such unauthorized access and modification of user files can lead to breaches of confidentiality and integrity.

Because the vulnerability enables unauthorized access to potentially sensitive data, it may negatively impact compliance with data protection standards and regulations such as GDPR and HIPAA, which require strict controls on access to personal and protected health information.
