CVE-2026-54022
Status: Undergoing Analysis - In Progress
Ydoc Document Access Control Bypass in Open WebUI

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: GitHub, Inc.

Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the ydoc:document:join Socket.IO handler checks note ownership only when the document_id starts with note: (colon). However, the YdocManager storage layer normalizes all document IDs by replacing colons with underscores (document_id.replace(":", "_")). An attacker can join a document room using note_<id> (underscore) instead of note:<id> (colon), bypassing the authorization check entirely while accessing the same underlying Yjs document. The server then returns the full document state, leaking the victim's private note contents. This vulnerability is fixed in 0.8.11.
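To make the mismatch concrete, here is an added, hypothetical model of the check (not Open WebUI's code): the storage layer collapses ':' into '_' exactly as the description states, while the pre-0.8.11 ownership check keys only on the literal "note:" prefix. The hardened variant is one possible fix, assumed for illustration rather than taken from the 0.8.11 patch: parse the identifier into its canonical form first and authorize on that.

```python
import re
from typing import Optional

# Constructed sample data (not from Open WebUI): documents keyed by their
# normalized storage key, and note ids mapped to their owners.
DOCS = {"note_abc123": "alice's private note"}
NOTE_OWNERS = {"abc123": "alice"}


def storage_key(document_id: str) -> str:
    """Storage-layer normalization quoted in the advisory: ':' becomes '_'."""
    return document_id.replace(":", "_")


def join_vulnerable(document_id: str, user: str) -> Optional[str]:
    """Shape of the pre-0.8.11 check: ownership is verified only when the
    caller spells the id with a colon, but storage treats ':' and '_' alike."""
    if document_id.startswith("note:"):
        note_id = document_id[len("note:"):]
        if NOTE_OWNERS.get(note_id) != user:
            return None  # denied
    # 'note_abc123' never enters the branch above yet maps to the same key.
    return DOCS.get(storage_key(document_id))


# Hypothetical hardening: accept only the canonical 'note:<id>' spelling with a
# restricted alphabet, so no alias of the id can reach the storage layer.
NOTE_ID_RE = re.compile(r"^note:([A-Za-z0-9-]+)$")


def join_hardened(document_id: str, user: str) -> Optional[str]:
    """Authorize on the parsed canonical id, then derive the storage key from it."""
    m = NOTE_ID_RE.fullmatch(document_id)
    if m is None:
        return None  # rejects 'note_<id>', mixed separators and unknown prefixes
    note_id = m.group(1)
    if NOTE_OWNERS.get(note_id) != user:
        return None  # denied
    return DOCS.get(storage_key(f"note:{note_id}"))
```

The point of the hardened version is that authorization and storage agree on a single canonical identifier; any document kind other than notes would need its own explicit rule rather than falling through unchecked.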
Meta Information
Published: 2026-06-23
Last Modified: 2026-06-23
Generated: 2026-06-24
EPSS Evaluated: N/A
Affected Vendors & Products (1 associated CPE)
Vendor: open_webui
Product: open_webui
Version / Range: up to 0.8.11 (excluding)
CWE
CWE-863: The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
CWE-706: The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.
Executive Summary

This vulnerability exists in Open WebUI versions prior to 0.8.11, where an attacker can bypass authorization checks when joining document rooms. The system checks note ownership only if the document ID starts with "note:" (colon), but internally document IDs are normalized by replacing colons with underscores. This mismatch allows an attacker to join a document room using "note_<id>" (underscore) instead of "note:<id>" (colon), bypassing the authorization check and accessing the same underlying document.

As a result, the attacker can retrieve the full contents of a victim's private note, potentially exposing sensitive information.

Impact Analysis

This vulnerability allows any authenticated user to read other users' private notes without proper authorization. The attacker can access sensitive information such as credentials, internal documentation, or any private data stored in the victim's notes.

The impact is a confidentiality breach, exposing private and potentially sensitive information to unauthorized users.

Detection Guidance

Detection of this vulnerability involves monitoring for unauthorized access attempts to document rooms using the 'note_<id>' format instead of the expected 'note:<id>' format in Open WebUI.

Since the attack requires an authenticated user and knowledge of the target note's ID, inspect application or Socket.IO event logs for ydoc:document:join events whose document_id uses the note_<id> spelling (underscore) rather than the expected note:<id> (colon).

Specific commands are not provided in the available resources, but administrators can review authentication logs and Socket.IO event logs for suspicious join events with document IDs using underscores.

Mitigation Strategies

The immediate mitigation step is to upgrade Open WebUI to version 0.8.11 or later, where this vulnerability has been fixed.

Until the upgrade can be applied, restrict authenticated user access to trusted users only, and monitor for suspicious document join requests using the 'note_<id>' pattern.

Compliance Impact

This vulnerability allows an authenticated attacker to access other users' private notes, potentially exposing sensitive personal or confidential information.

Such unauthorized disclosure of private data could lead to non-compliance with data protection regulations like GDPR or HIPAA, which require strict controls over access to personal and sensitive information.

Organizations using affected versions of Open WebUI may face increased risk of data breaches and regulatory penalties if this vulnerability is exploited.
