Open WebUI Vulnerability: Unauthorized Collection Deletion (CVE-2026-44554)
A critical vulnerability, CVE-2026-44554, has been identified in Open WebUI, a self-hosted offline AI platform. The National Vulnerability Database reports that versions prior to 0.9.0 are affected. The flaw lies within the POST /api/v1/retrieval/process/web endpoint, which accepts a user-supplied collection_name and an overwrite parameter, defaulting to True.
The core issue, as detailed by the National Vulnerability Database, is a complete lack of authorization checks. An unprivileged attacker can specify any collection_name and, when overwrite=True, the save_docs_to_vector_db function will call VECTOR_DB_CLIENT.delete_collection() on the target. This effectively allows any authenticated user to delete any collection in the vector database, regardless of ownership or permissions. It’s a classic authorization bypass that leads directly to data integrity and availability compromise.
Rated with a CVSS score of 8.1 (HIGH), this vulnerability (CWE-862: Missing Authorization) highlights a fundamental security oversight. While the National Vulnerability Database does not specify affected products beyond Open WebUI itself, the impact is clear: unauthorized data destruction. The fix is available in Open WebUI version 0.9.0.
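To make the CWE-862 pattern concrete, here is an added illustration in plain Python (not Open WebUI's code and not its 0.9.0 patch): a `save_docs_vulnerable` function that mirrors the behaviour the advisory describes, beside a `save_docs_hardened` variant that resolves collection ownership server-side before honouring `overwrite`. The `FakeVectorDB`, its `owners` map, the `User` roles and the fixture data are all constructed here for the example.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    id: str
    role: str = "user"  # constructed roles: "user" or "admin"

@dataclass
class FakeVectorDB:
    """Stand-in for VECTOR_DB_CLIENT: collection_name -> list of docs, plus an
    assumed ownership map that a real vector client would not itself provide."""
    collections: dict = field(default_factory=dict)
    owners: dict = field(default_factory=dict)

    def delete_collection(self, name):
        self.collections.pop(name, None)

    def upsert(self, name, docs):
        self.collections.setdefault(name, []).extend(docs)

def build_db():
    """Constructed fixture: alice owns 'alice-kb' holding two documents."""
    db = FakeVectorDB()
    db.upsert("alice-kb", ["alice doc 1", "alice doc 2"])
    db.owners["alice-kb"] = "alice"
    return db

def save_docs_vulnerable(db, user, collection_name, docs, overwrite=True):
    """The pattern the advisory describes: overwrite=True (the default) deletes
    whatever collection the caller names, with no check that the caller may."""
    if overwrite:
        db.delete_collection(collection_name)
    db.upsert(collection_name, docs)

def save_docs_hardened(db, user, collection_name, docs, overwrite=True):
    """Assumed mitigation, not the upstream fix: look up ownership on the server
    and refuse the whole write (not only the delete) unless the caller owns the
    collection, the collection is unowned/new, or the caller is an admin."""
    owner = db.owners.get(collection_name)
    if owner is not None and owner != user.id and user.role != "admin":
        raise PermissionError(f"{user.id} may not modify {collection_name}")
    if overwrite:
        db.delete_collection(collection_name)
    db.upsert(collection_name, docs)
    db.owners.setdefault(collection_name, user.id)  # new collections get an owner
```

Note that the check keys on state the server holds (the ownership map), never on anything in the request body, and that it gates the write as a whole rather than only the `delete_collection` call.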
What This Means For You
- If your organization utilizes Open WebUI, you need to immediately verify your version. If it's prior to 0.9.0, patch to the latest version without delay. This isn't just a data modification risk; it's a direct path to total data loss for your AI collections. An attacker doesn't need high privileges to wipe your vector database clean.
🛡️ Detection Rules
CVE-2026-44554 - Open WebUI Unauthorized Collection Deletion (Sigma rule)

```yaml
title: CVE-2026-44554 - Open WebUI Unauthorized Collection Deletion
id: scw-2026-05-15-ai-1
status: experimental
level: high
description: |
  Detects attempts to exploit CVE-2026-44554 by sending a POST request to the
  /api/v1/retrieval/process/web endpoint with the 'overwrite=True' parameter,
  which allows unauthorized deletion of collections in Open WebUI versions
  prior to 0.9.0.
author: SCW Feed Engine (AI-generated)
date: 2026-05-15
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-44554/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/api/v1/retrieval/process/web'
    cs-method:
      - 'POST'
    cs-uri-query|contains:
      - 'overwrite=True'
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Source: Shimi's Cyber World
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-44554 | Auth Bypass | Open WebUI versions prior to 0.9.0 |
| CVE-2026-44554 | Auth Bypass | Open WebUI POST /api/v1/retrieval/process/web endpoint |
| CVE-2026-44554 | Auth Bypass | Open WebUI collection_name parameter in POST /api/v1/retrieval/process/web |
| CVE-2026-44554 | Auth Bypass | Open WebUI overwrite query parameter in POST /api/v1/retrieval/process/web |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 15, 2026 at 23:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.