Open WebUI Vulnerability Exposes All User Files

The National Vulnerability Database has detailed CVE-2026-45301, a critical missing permission check in Open WebUI, a self-hosted AI platform. This flaw, present in versions prior to 0.3.16, allows any authenticated user to list, access, and delete files uploaded by any other user on the platform. This isn’t just a disclosure; it’s a full compromise of data integrity and confidentiality across the entire instance.

The vulnerability stems from a fundamental breakdown in authorization logic across all file-related API endpoints: the endpoints verify that a caller is authenticated, but not that the caller owns the file being listed, read, or deleted. An attacker doesn't need elevated privileges; standard authenticated access is sufficient. This significantly broadens the attack surface, making exploitation trivial for anyone with a valid login. The CVSS score of 8.1 (HIGH) reflects high impact on confidentiality and integrity combined with low attack complexity and low required privileges.

Open WebUI instances are designed to operate offline, often handling sensitive internal data or proprietary models. This vulnerability means that internal users, even those with limited roles, could exfiltrate or tamper with critical data. The fix is in version 0.3.16; organizations running this platform must prioritize immediate patching to prevent unauthorized data access and deletion.
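The authorization failure described above, modelled as an added example (hypothetical code written for this page, not Open WebUI's own): a file store whose vulnerable handlers check only that a caller is authenticated, beside hardened handlers that check ownership (or the admin role) on every list, read and delete. All user names, roles and file ids are constructed.

```python
"""Missing ownership check on file endpoints: vulnerable vs. hardened pattern.

Hypothetical model for illustration only; it is not Open WebUI's code.
"""
from dataclasses import dataclass, field
from typing import Dict, List


class Forbidden(Exception):
    """Raised when the caller may not act on the requested file."""


@dataclass
class User:
    id: str
    role: str = "user"  # "user" or "admin" (assumed role model)


@dataclass
class StoredFile:
    id: str
    owner_id: str
    filename: str


@dataclass
class FileStore:
    files: Dict[str, StoredFile] = field(default_factory=dict)

    def add(self, owner: User, file_id: str, filename: str) -> StoredFile:
        f = StoredFile(file_id, owner.id, filename)
        self.files[file_id] = f
        return f

    # --- vulnerable pattern: authentication only, no authorization ---------
    def list_files_vulnerable(self, caller: User) -> List[str]:
        # Any authenticated caller sees every file on the instance.
        return sorted(self.files)

    def delete_file_vulnerable(self, caller: User, file_id: str) -> None:
        # The handler treats "logged in" as "allowed".
        self.files.pop(file_id)

    # --- hardened pattern: ownership (or admin) checked on every call -------
    def _authorize(self, caller: User, file_id: str) -> StoredFile:
        f = self.files.get(file_id)
        # One error for "not found" and "not yours": no existence oracle.
        if f is None or (f.owner_id != caller.id and caller.role != "admin"):
            raise Forbidden(f"user {caller.id} may not access file {file_id}")
        return f

    def list_files(self, caller: User) -> List[str]:
        if caller.role == "admin":
            return sorted(self.files)
        return sorted(fid for fid, f in self.files.items() if f.owner_id == caller.id)

    def get_file(self, caller: User, file_id: str) -> StoredFile:
        return self._authorize(caller, file_id)

    def delete_file(self, caller: User, file_id: str) -> None:
        self._authorize(caller, file_id)
        del self.files[file_id]


def demo() -> dict:
    """Run both variants on the same constructed data and report what each exposes."""
    store = FileStore()
    alice, bob = User("alice"), User("bob")
    store.add(alice, "f-1", "roadmap.pdf")
    store.add(bob, "f-2", "notes.txt")
    result = {
        "vulnerable_list_for_bob": store.list_files_vulnerable(bob),
        "hardened_list_for_bob": store.list_files(bob),
    }
    try:
        store.delete_file(bob, "f-1")  # bob does not own f-1
        result["hardened_delete_blocked"] = False
    except Forbidden:
        result["hardened_delete_blocked"] = True
    store.delete_file_vulnerable(bob, "f-1")
    result["vulnerable_delete_succeeded"] = "f-1" not in store.files
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hardened variant routes every per-file operation through one `_authorize` helper so that an endpoint cannot be added later without the check, and it returns the same error for a missing file and for someone else's file so that the endpoint does not leak which ids exist.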

What This Means For You

  • If your organization uses Open WebUI, you must patch to version 0.3.16 immediately. This isn't a theoretical risk; it's a direct path for any authenticated user to access and delete *all* files uploaded by *any* other user. Audit your logs for unusual file access patterns or deletions, especially if patching hasn't been completed.

🛡️ Detection Rules

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.

critical T1110.001 Privilege Escalation

Open WebUI Unauthorized File Access - CVE-2026-45301

# Note: the selection matches every successful request to the file endpoints,
# including ordinary uploads and downloads of a user's own files. Baseline
# per user (distinct file ids, listing calls, deletions) before alerting.
title: Open WebUI Unauthorized File Access - CVE-2026-45301
id: scw-2026-05-15-ai-1
status: experimental
level: critical
description: |
  Detects attempts to access, list, or delete files via the /api/files/ endpoints in Open WebUI versions prior to 0.3.16. This indicates exploitation of CVE-2026-45301, where authenticated users can access all files uploaded by any user due to a missing permission check.
author: SCW Feed Engine (AI-generated)
date: 2026-05-15
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-45301/
tags:
  - attack.privilege_escalation
  - attack.t1110.001
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/api/files/'
    cs-method:
      - 'GET'
      - 'POST'
      - 'DELETE'
    sc-status:
      - '200'
      - '201'
      - '204'
  condition: selection
falsepositives:
  - Legitimate administrative activity
  - Normal user uploads and downloads of their own files
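To make the rule above actionable, here is an added example (written for this page, not part of the feed's rule set) that applies the same `selection` logic to constructed W3C-format webserver log lines and then adds the per-user baseline that the "audit your logs" advice calls for: distinct file ids touched, listing calls and deletions. The log lines, usernames, file ids and the distinct-file threshold are all assumptions.

```python
"""Apply the Sigma selection to W3C webserver logs and triage matches per user."""
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample in W3C extended log format: not real traffic.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2026-05-15 10:00:01 10.0.0.5 alice POST /api/files/ 200
2026-05-15 10:00:09 10.0.0.5 alice GET /api/files/a1b2 200
2026-05-15 10:03:12 10.0.0.9 mallory GET /api/files/ 200
2026-05-15 10:03:13 10.0.0.9 mallory GET /api/files/a1b2/content 200
2026-05-15 10:03:14 10.0.0.9 mallory GET /api/files/c3d4/content 200
2026-05-15 10:03:15 10.0.0.9 mallory GET /api/files/e5f6/content 200
2026-05-15 10:03:20 10.0.0.9 mallory DELETE /api/files/a1b2 200
2026-05-15 10:05:00 10.0.0.7 carol GET /api/chats/ 200
2026-05-15 10:06:00 10.0.0.9 mallory GET /api/files/zz99 404
"""

SIGMA_METHODS = {"GET", "POST", "DELETE"}
SIGMA_STATUS = {"200", "201", "204"}
FILE_ID_RE = re.compile(r"^/api/files/([^/]+)")  # assumed URL shape: /api/files/<id>[/...]


def parse_w3c(text: str) -> List[Dict[str, str]]:
    """Turn W3C extended log text into one dict per request, keyed by the #Fields names."""
    fields: List[str] = []
    events: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip() or not fields:
            continue
        else:
            values = line.split()
            if len(values) == len(fields):  # skip malformed lines instead of crashing
                events.append(dict(zip(fields, values)))
    return events


def matches_sigma_selection(ev: Dict[str, str]) -> bool:
    """The rule's `selection` block: file endpoint, listed method, successful status."""
    return ("/api/files/" in ev.get("cs-uri-stem", "")
            and ev.get("cs-method") in SIGMA_METHODS
            and ev.get("sc-status") in SIGMA_STATUS)


def triage(events: List[Dict[str, str]], max_distinct_files: int = 2) -> Dict[str, List[str]]:
    """Group rule matches per user and return the users worth a closer look, with reasons.

    A user touching more distinct file ids than `max_distinct_files`, or deleting
    anything, is flagged. The threshold is an assumed baseline; tune it per instance.
    """
    per_user: Dict[str, dict] = defaultdict(
        lambda: {"files": set(), "deletes": 0, "listings": 0})
    for ev in events:
        if not matches_sigma_selection(ev):
            continue
        stats = per_user[ev.get("cs-username", "-")]
        m = FILE_ID_RE.match(ev["cs-uri-stem"])
        if m:
            stats["files"].add(m.group(1))
        elif ev["cs-method"] == "GET":
            stats["listings"] += 1  # GET /api/files/ with no id: a listing call
        if ev["cs-method"] == "DELETE":
            stats["deletes"] += 1
    flagged: Dict[str, List[str]] = {}
    for user, s in per_user.items():
        reasons = []
        if len(s["files"]) > max_distinct_files:
            reasons.append(f"{len(s['files'])} distinct file ids accessed")
        if s["deletes"]:
            reasons.append(f"{s['deletes']} deletion(s)")
        if s["listings"] and reasons:
            reasons.append("also issued a file listing call")
        if reasons:
            flagged[user] = reasons
    return flagged


if __name__ == "__main__":
    for user, why in triage(parse_w3c(SAMPLE_LOG)).items():
        print(user, "->", "; ".join(why))
```

On the constructed sample, `alice` matches the rule twice (an upload and one read of a single file) and is not flagged; `mallory` is flagged for three distinct file ids, a deletion and a listing call, while the 404 request is excluded by the status filter, exactly as in the rule. In a SIEM the same grouping is a `count distinct` over the file id per user within a time window.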

Source: Shimi's Cyber World

Indicators of Compromise

ID             | Type                   | Indicator
CVE-2026-45301 | Auth Bypass            | Open WebUI versions prior to 0.3.16
CVE-2026-45301 | Information Disclosure | Open WebUI versions prior to 0.3.16, missing permission check in file-related API endpoints
CVE-2026-45301 | Privilege Escalation   | Open WebUI versions prior to 0.3.16, allows authenticated users to list, access, and delete files uploaded by other users

Source & Attribution

Source platform: NVD
Channel: National Vulnerability Database
Published: May 16, 2026 at 01:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Related coverage

Open WebUI XSS Allows Privilege Escalation to Super Admin

CVE-2026-45665 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerability exists...


CVE-2026-45351 — Open WebUI is a self-hosted artificial intelligence

CVE-2026-45351 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular user [non-admin] logs into...


CVE-2026-45350: Open WebUI API Flaw Exposes Tools to Unauthorized Access

CVE-2026-45350 — Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vulnerability in chat completion...
