CVE-2026-45671: Open WebUI File Deletion Flaw Impacts Self-Hosted AI

The National Vulnerability Database has disclosed CVE-2026-45671, a high-severity vulnerability (CVSS 8.0) in Open WebUI, a self-hosted AI platform designed for offline operation. Prior to version 0.9.0, any authenticated user could permanently delete files belonging to other users. This is a critical access control bypass.

The flaw stems from a broken authorization gate, has_access_to_file(), which unconditionally grants access when a target file is referenced in a shared chat. It fails to verify the requesting user’s identity or the type of operation being performed. Attackers can easily discover file UUIDs via GET /api/v1/knowledge/{id}/files if they have read access to a knowledge base, circumventing the need for brute-force guessing. This enables targeted deletion of critical user data.

For defenders, this means a significant risk to data integrity and availability within Open WebUI deployments. An attacker gaining even low-level authenticated access can wipe files, disrupting operations and potentially causing data loss. The fix in version 0.9.0 is crucial, addressing both the authorization logic and the information disclosure of file UUIDs.
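To make the failure mode concrete, here is an illustrative model of the authorization gate the advisory describes, with the broken check beside a hardened one. This is example code added for this article, not Open WebUI's source: the User/File/Chat records, the Store, and the function names are assumptions standing in for the real implementation, and only the behaviour described above is reproduced (a gate that grants access as soon as a file is referenced in any shared chat, ignoring who is asking and whether the operation is a read or a delete).

```python
"""
Illustrative model of the authorization bug class behind CVE-2026-45671.
Example code written for this article; the data model and function names
are assumptions, not Open WebUI's own code.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class User:
    id: str
    role: str = "user"  # "user" or "admin"


@dataclass
class File:
    id: str
    owner_id: str


@dataclass
class Chat:
    id: str
    owner_id: str
    shared: bool = False
    file_ids: set = field(default_factory=set)


@dataclass
class Store:
    """Stand-in for the application's database (hypothetical)."""
    files: dict = field(default_factory=dict)
    chats: dict = field(default_factory=dict)

    def referenced_in_shared_chat(self, file_id: str) -> bool:
        return any(file_id in c.file_ids for c in self.chats.values() if c.shared)


def make_sample_store() -> Store:
    """Constructed sample state: alice owns two files and has shared a chat
    that references only the first one."""
    s = Store()
    s.files["f-1"] = File("f-1", owner_id="alice")
    s.files["f-2"] = File("f-2", owner_id="alice")
    s.chats["c-1"] = Chat("c-1", owner_id="alice", shared=True, file_ids={"f-1"})
    return s


ALICE = User("alice")
MALLORY = User("mallory")


def has_access_to_file_broken(store: Store, user: User, file_id: str, op: str) -> bool:
    """Pre-0.9.0 style gate (hypothetical reconstruction): a shared-chat
    reference is treated as blanket access. `user` and `op` only feed the
    owner/admin shortcut; the shared-chat branch ignores both."""
    f = store.files.get(file_id)
    if f is None:
        return False
    if f.owner_id == user.id or user.role == "admin":
        return True
    return store.referenced_in_shared_chat(file_id)


def has_access_to_file_fixed(store: Store, user: User, file_id: str, op: str) -> bool:
    """Hardened gate: subject and operation both decide. Owner and admins
    may do anything; a shared-chat reference grants read only; any other
    operation on someone else's file is denied by default."""
    f = store.files.get(file_id)
    if f is None:
        return False
    if f.owner_id == user.id or user.role == "admin":
        return True
    if op == "read":
        return store.referenced_in_shared_chat(file_id)
    return False


def delete_file(store: Store, user: User, file_id: str, gate) -> bool:
    """Delete handler parameterised by the gate in use; True if deleted."""
    if not gate(store, user, file_id, "delete"):
        return False
    del store.files[file_id]
    return True
```

With the broken gate, mallory's delete of f-1 succeeds purely because chat c-1 is shared. With the fixed gate the same delete is refused while her read of f-1 still works, and f-2, which no shared chat references, stays invisible to her. The design point is that "is this object reachable through something shared" answers a visibility question, not an authorization question; the operation type has to be part of the decision.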

What This Means For You

  • If your organization uses Open WebUI, you are exposed to critical data deletion by any authenticated user. Check your version immediately. Patch to 0.9.0 without delay to prevent unauthorized file deletion and maintain data integrity.

🛡️ Detection Rules

Severity: high · ATT&CK: T1190 (Initial Access)

CVE-2026-45671: Open WebUI Authenticated Cross-User File Deletion via Shared Chat Reference

Sigma YAML:
title: CVE-2026-45671: Open WebUI Authenticated Cross-User File Deletion via Shared Chat Reference
id: scw-2026-05-15-ai-1
status: experimental
level: high
description: |
  Detects the API endpoint and HTTP method used in CVE-2026-45671 to delete files. An authenticated user can delete another user's file by referencing it in a shared chat, bypassing the normal authorization check. This rule matches DELETE requests to /api/v1/files/{id}, the endpoint at the core of the vulnerability. The web log alone does not show whether the requester owns the file, so matches should be correlated with application audit logs or file ownership before escalation.
author: SCW Feed Engine (AI-generated)
date: 2026-05-15
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-45671/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-method: 'DELETE'
    cs-uri: '/api/v1/files/*'
  condition: selection
falsepositives:
  - Users deleting their own files
  - Legitimate administrative activity
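Because the rule keys on method and path only, it fires on every file deletion, including a user removing their own files. The following is an added example (not part of this page's rule set and not Open WebUI code) that evaluates the rule's selection over constructed W3C-style webserver log lines and adds a bulk-deletion triage step to separate a burst of deletes from routine single deletes. Field names follow the Sigma webserver taxonomy (cs-method, cs-uri); the usernames, IPs, timestamps and file ids in the sample log are invented.

```python
"""
Added example: evaluate the Sigma selection for CVE-2026-45671 over
constructed W3C-style webserver log lines, then flag principals issuing
many file deletions in a short window. Not Open WebUI code; the log
content is invented for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from fnmatch import fnmatchcase

# Constructed sample log. The '#Fields:' header names the columns, as in
# W3C extended log format; 'cs-uri' is used as the column name so it lines
# up with the Sigma webserver field the rule references.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri sc-status
2026-05-16 10:00:01 10.0.0.5 alice GET /api/v1/files/f-1/content 200
2026-05-16 10:00:05 10.0.0.9 mallory GET /api/v1/knowledge/kb-1/files 200
2026-05-16 10:00:07 10.0.0.9 mallory DELETE /api/v1/files/f-1 200
2026-05-16 10:00:08 10.0.0.9 mallory DELETE /api/v1/files/f-2 200
2026-05-16 10:00:09 10.0.0.9 mallory DELETE /api/v1/files/f-3 200
2026-05-16 10:05:00 10.0.0.5 alice DELETE /api/v1/files/f-9 200
2026-05-16 10:06:00 10.0.0.5 alice DELETE /api/v1/chats/c-1 200
"""

# The rule's selection: field -> list of accepted patterns ('*' wildcard).
SELECTION = {"cs-method": ["DELETE"], "cs-uri": ["/api/v1/files/*"]}


def parse_w3c(text: str) -> list:
    """Parse W3C-style lines into dicts keyed by the '#Fields:' header."""
    fields = None
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or fields is None:
            continue  # other directive, or data before any header
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed record: skip rather than misalign columns
        records.append(dict(zip(fields, values)))
    return records


def sigma_match(record: dict, selection: dict = SELECTION) -> bool:
    """Sigma map semantics: every field must match, and a field matches if
    any of its listed patterns matches. Comparison is case-insensitive,
    which is Sigma's default for string values."""
    for name, patterns in selection.items():
        value = record.get(name)
        if value is None:
            return False
        if not any(fnmatchcase(value.lower(), p.lower()) for p in patterns):
            return False
    return True


def find_file_deletions(text: str) -> list:
    return [r for r in parse_w3c(text) if sigma_match(r)]


def bulk_deleters(matches: list, threshold: int = 3, window: timedelta = timedelta(minutes=1)) -> dict:
    """Triage helper: users with at least `threshold` matching deletions
    inside any `window`-long span. Returns {username: max_count_in_window}.
    A single self-delete is indistinguishable from a cross-user delete in the
    web log, but a burst from one principal is worth a closer look."""
    by_user = defaultdict(list)
    for r in matches:
        by_user[r["cs-username"]].append(datetime.fromisoformat(f"{r['date']} {r['time']}"))
    flagged = {}
    for user, times in by_user.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[user] = best
    return flagged


if __name__ == "__main__":
    hits = find_file_deletions(SAMPLE_LOG)
    for h in hits:
        print(h["time"], h["cs-username"], h["cs-method"], h["cs-uri"])
    print("bulk deleters:", bulk_deleters(hits))
```

On the sample log the selection matches four records (three from mallory within seconds of each other, one from alice), and the triage step flags only mallory. The GET against the knowledge base listing in the same log is the kind of preceding event worth pairing with a deletion burst when tuning, since the advisory names that endpoint as the source of file ids.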

Indicators of Compromise

| ID | Type | Indicator |
|---|---|---|
| CVE-2026-45671 | Auth Bypass | Open WebUI versions prior to 0.9.0 |
| CVE-2026-45671 | Auth Bypass | DELETE /api/v1/files/{id} endpoint in Open WebUI |
| CVE-2026-45671 | Information Disclosure | GET /api/v1/knowledge/{id}/files endpoint in Open WebUI |
| CVE-2026-45671 | Privilege Escalation | Authenticated users can delete files owned by other users in Open WebUI < 0.9.0 |

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 15, 2026 at 23:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Related coverage

  • radare2 Use-After-Free (CVE-2026-8696) Risks Denial of Service, RCE
  • CVE-2026-45675: Open WebUI Vulnerable to Admin Role Race Condition
  • Open WebUI CVE-2026-45399: Low-Privilege Users Disrupt System-Wide AI Tasks