CVE-2026-54014
Status: Undergoing Analysis - In Progress
Path Traversal in Open WebUI Prior to 0.9.6

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: GitHub, Inc.

Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path traversal vulnerability exists in open-webui's cache file serving endpoint that allows any authenticated user to read files from sibling directories outside the intended cache directory, by exploiting an incomplete startswith containment check that lacks a trailing path separator. The root cause is that serve_cache_file() in open_webui/main.py validates the resolved path with file_path.startswith(os.path.abspath(CACHE_DIR)), without appending os.sep. This allows any path resolving to a sibling directory whose name begins with cache (e.g. cache_sibling, cache_backup, cached_models) to pass validation. This vulnerability is fixed in 0.9.6.
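The flawed prefix check beside a component-wise replacement, as an added Python example that is not the project's own code: CACHE_DIR, the directory layout and the request paths are constructed for illustration, and the two functions model the containment check in isolation rather than reproducing serve_cache_file().

```python
import os

# Constructed sample layout (no files are created; only path arithmetic runs):
#   /srv/openwebui/cache          <- the intended CACHE_DIR
#   /srv/openwebui/cache_backup   <- a sibling that shares the "cache" prefix
CACHE_DIR = "/srv/openwebui/cache"


def contained_vulnerable(cache_dir: str, user_path: str) -> bool:
    """Models the pre-0.9.6 check: a bare string-prefix test with no trailing os.sep.

    "/srv/openwebui/cache_backup/x" starts with "/srv/openwebui/cache", so it passes.
    """
    base = os.path.abspath(cache_dir)
    # abspath collapses ".." segments; realpath would also follow symlinks,
    # but the containment logic shown here is the same either way.
    file_path = os.path.abspath(os.path.join(base, user_path))
    return file_path.startswith(base)


def contained_fixed(cache_dir: str, user_path: str) -> bool:
    """Component-wise containment: the resolved path must be the base directory
    itself or lie beneath it, so a sibling that merely shares a prefix is rejected."""
    base = os.path.abspath(cache_dir)
    file_path = os.path.abspath(os.path.join(base, user_path))
    try:
        return os.path.commonpath([base, file_path]) == base
    except ValueError:
        # Raised for paths on different Windows drives (or mixed abs/rel paths):
        # treat anything commonpath cannot compare as outside the cache.
        return False


def compare(user_path: str) -> "tuple[bool, bool]":
    """Return (vulnerable_check_passes, fixed_check_passes) for one request path."""
    return (contained_vulnerable(CACHE_DIR, user_path),
            contained_fixed(CACHE_DIR, user_path))


if __name__ == "__main__":
    for p in ("image.png", "../cache_backup/config.json", "../../etc/passwd"):
        vuln, fixed = compare(p)
        print(f"{p!r:32} vulnerable_check={vuln!s:5} fixed_check={fixed}")
```

The sibling request "../cache_backup/config.json" passes the vulnerable check and fails the fixed one, while an ordinary cache file passes both.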
Meta Information
Generated: 2026-06-24
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: open-webui
Product: open-webui
Version / Range: up to 0.9.6 (excluding 0.9.6)
CWE
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
AI Quick Actions
Executive Summary

This vulnerability is a path traversal issue in the open-webui platform's cache file serving endpoint. It allows any authenticated user to read files from sibling directories outside the intended cache directory. The problem occurs because the function that validates file paths only checks whether the resolved path starts with the cache directory path, without a trailing path separator. As a result, directories whose names start with "cache" but that sit beside the intended directory (such as cache_sibling or cache_backup) pass the check, and their files can be read.

Impact Analysis

This vulnerability can allow an authenticated user to read files from directories outside the intended cache directory, potentially exposing sensitive or confidential information stored in sibling directories that start with "cache". Although the vulnerability requires authentication and only allows read access, it could lead to unauthorized disclosure of data.

Detection Guidance

This vulnerability can be detected by requesting, through the cache file serving endpoint (GET /cache/{path}), paths that resolve to sibling directories whose names start with "cache" (e.g., cache_sibling, cache_backup). Because the flaw lets authenticated users read files from those sibling directories, such requests reveal whether the system is vulnerable.

Suggested commands involve making authenticated HTTP GET requests to the vulnerable endpoint with crafted paths. For example, using curl:

  • curl -u <username>:<password> "http://<host>/cache/cache_sibling/somefile"
  • curl -u <username>:<password> "http://<host>/cache/cache_backup/anotherfile"

If these requests return files from sibling directories outside the intended cache directory, the system is vulnerable.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade open-webui to version 0.9.6 or later, where the path traversal flaw in the cache file serving endpoint has been fixed.

Until the upgrade can be applied, restrict access to the cache file serving endpoint to trusted users only, and monitor for any suspicious access attempts to paths starting with "cache" that could indicate exploitation attempts.
