CVEFinder.io

CVE-2026-54012

⚠️ high
🔍 Scan for this CVE
Summary

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can create, update, or import workspace models store arbitrary meta.knowledge entries on their model without checking whether they own or can read the referenced files. Open WebUI then treats meta.knowledge entries of type file as an authorization source in two places: the built-in view_file tool reads the file's extracted text, and has_access_to_file()'s

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can create, update, or import workspace models store arbitrary meta.knowledge entries on their model without checking whether they own or can read the referenced files. Open WebUI then treats meta.knowledge entries of type file as an authorization source in two places: the built-in view_file tool reads the file's extracted text, and has_access_to_file()'s model branch authorizes the file content and file delete endpoints. A malicious model owner can therefore attach another user's file ID to their model metadata and read or delete that private file. This vulnerability is fixed in 0.9.6.

CVSS Score
7.1
High
EPSS Score
0.2
Exploit Probability
Published Date
2026-06-23
First Seen: 2026-06-25
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 53.3% of all 329,778 vulnerabilities in our database.

#153,990
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Jun 23, 2026
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-06-25
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
CWE IDs (Weakness Types)
CWE-284 CWE-285 CWE-862

📦 Affected Products 1

Vendor Product Status Affected Versions
openwebui open_webui Affected
< 0.9.6

🔗 References 1

https://github.com/open-webui/open-webui/security/ad...
Exploit Vendor Advisory Mitigation

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-54006 🔶 medium 4.3 0.2 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST ... 2026-06-23
CVE-2026-54007 🔶 medium 6.5 0.2 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the c... 2026-06-23
CVE-2026-54008 ⚠️ high 8.5 0.2 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backe... 2026-06-23
CVE-2026-54009 🔶 medium 6.5 0.2 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST ... 2026-06-23
CVE-2026-54010 ⚠️ high 8.3 0.2 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open ... 2026-06-23
CVE-2026-54011 ⚠️ high 8.7 0.3 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6,Open W... 2026-06-23
These CVEs affect the same products