CVE-2026-59217
Received Received - Intake

File Upload Path Traversal in Open WebUI

Vulnerability report for CVE-2026-59217, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: GitHub, Inc.

Description

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the file upload path accepted metadata.knowledge_id and auto-linked uploaded files to a target knowledge base without applying the write-access check used by /api/v1/knowledge//file/add, allowing read-only knowledge-base users to add arbitrary files. This issue is fixed in version 0.10.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
open_webui open_webui to 0.10.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Mitigation Strategies

The primary mitigation is to upgrade Open WebUI to version 0.10.0 or later, where this vulnerability is fixed by enforcing proper authorization checks before linking uploaded files to a knowledge base.

If upgrading immediately is not possible, restrict file upload permissions to trusted users only and monitor uploads closely for suspicious activity involving the metadata.knowledge_id field.

Additionally, review and audit user permissions to ensure that read-only users cannot exploit this vulnerability by uploading files linked to knowledge bases they should not modify.

Implement logging and alerting on file upload endpoints to detect unauthorized attempts and consider temporarily disabling the auto-linking feature if feasible.

Compliance Impact

This vulnerability allows read-only users to add arbitrary files to knowledge bases without proper write-access authorization, potentially leading to unauthorized modifications and integrity issues in shared knowledge-base files.

Such unauthorized file additions could result in exposure or alteration of sensitive information, which may impact compliance with data protection regulations like GDPR or HIPAA that require strict access controls and data integrity safeguards.

However, the vulnerability requires a verified Open WebUI account and knowledge of a target knowledge-base ID, so it does not allow unauthenticated access.

The issue highlights the importance of enforcing proper authorization checks to maintain compliance with standards that mandate controlled access and prevention of unauthorized data modification.

Executive Summary

CVE-2026-59217 is a security vulnerability in Open WebUI where the file upload path accepts a metadata field called metadata.knowledge_id and automatically links uploaded files to a target knowledge base without performing the necessary write-access authorization checks.

This flaw allows users who only have read-only access to a knowledge base to add arbitrary files to it, bypassing the intended permission restrictions.

The issue occurs because the upload auto-linking process trusts client-supplied metadata and inserts the file association before verifying if the user has write permissions, unlike the dedicated file add endpoint which correctly enforces authorization.

As a result, an attacker with a verified Open WebUI account and knowledge of a target knowledge base ID can upload files linked to that knowledge base without proper rights.

Impact Analysis

This vulnerability can lead to unauthorized modifications of knowledge bases by allowing read-only users to add files they should not be able to.

Files added by unauthorized users become visible to other users with access to the knowledge base, potentially compromising the integrity of shared information.

It may also enable attacks such as retrieval-augmented generation (RAG) or content poisoning if the knowledge base is later reprocessed using the maliciously added files.

The attacker cannot gain unauthenticated access but only needs a verified account and knowledge of a knowledge base ID.

Detection Guidance

This vulnerability involves unauthorized file uploads linked to a knowledge base via the metadata.knowledge_id field without proper write-access checks. Detection would involve monitoring file upload requests to the Open WebUI instance, specifically looking for uploads that include the metadata.knowledge_id parameter.

You can detect potential exploitation by inspecting HTTP requests to the upload endpoint for suspicious or unexpected metadata.knowledge_id values, especially from users with read-only permissions.

Suggested commands include using network traffic capture tools like tcpdump or Wireshark to filter HTTP POST requests to the upload endpoint, for example:

  • tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'metadata.knowledge_id'
  • Alternatively, use curl or similar tools to test the upload endpoint with and without the metadata.knowledge_id field to verify if unauthorized uploads are possible.

Additionally, reviewing application logs for entries related to file uploads and checking for warnings or logs indicating skipped authorization checks can help detect attempts to exploit this vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-59217. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart