CVE-2026-44554: Open WebUI has Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite

May 8, 2026

The POST /api/v1/retrieval/process/web endpoint accepts a user-supplied collection_name and an overwrite query parameter (default: True). It performs no authorization check on whether the calling user owns or has write access to the target collection. When overwrite=True, save_docs_to_vector_db calls VECTOR_DB_CLIENT.delete_collection() on the target collection before writing new content.

Combined with the knowledge base enumeration vulnerability (separate report), an attacker can trivially discover any user’s knowledge base UUID and then destroy or poison it.

References

github.com/advisories/GHSA-7r82-qhg4-6wvj
github.com/open-webui/open-webui
github.com/open-webui/open-webui/security/advisories/GHSA-7r82-qhg4-6wvj
nvd.nist.gov/vuln/detail/CVE-2026-44554

Code Behaviors & Features

Detect and mitigate CVE-2026-44554 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →