CVE-2026-44557: Open WebUI vulnerable to Global Knowledge Base Enumeration via knowledge-bases Meta-Collection
The _validate_collection_access function uses an incomplete allowlist that only enforces ownership checks for collections matching user-memory-* and file-* patterns. All other collection names pass through unchecked — including the system-level knowledge-bases meta-collection, which stores the IDs, names, and descriptions of every knowledge base on the instance.
Any authenticated user can query this meta-collection directly via the retrieval query endpoints to obtain a global index of all knowledge bases across all users.
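The following Python models the access check the advisory describes and sets the fallthrough behaviour beside a deny-by-default rewrite. It is an added example, not Open WebUI's own code: the function's purpose, the `user-memory-*` and `file-*` prefixes it does check, and the unchecked `knowledge-bases` meta-collection come from the advisory; the record types, the way a memory or file collection is tied to its owner, the knowledge-base sharing list, and the sample data are all constructed for the demonstration.

```python
"""Model of the collection-access check described in CVE-2026-44557.

Added example, not Open WebUI's own code. Taken from the advisory: the
check's purpose, the "user-memory-*" and "file-*" prefixes it examines, and
the unchecked "knowledge-bases" meta-collection. Everything else (the User,
FileRecord and KnowledgeBase records, how a collection name is resolved to
its owner, the sample data) is constructed for the demonstration.
"""
from dataclasses import dataclass, field

META_COLLECTION = "knowledge-bases"   # system-wide index of every knowledge base
MEMORY_PREFIX = "user-memory-"
FILE_PREFIX = "file-"


@dataclass(frozen=True)
class User:
    id: str


@dataclass(frozen=True)
class FileRecord:
    id: str
    user_id: str


@dataclass
class KnowledgeBase:
    id: str
    user_id: str                                    # owner (assumed field)
    shared_with: set = field(default_factory=set)   # assumed access-grant list


# Constructed sample data: two users, one file and one knowledge base each;
# Bob has shared his knowledge base with Alice.
ALICE, BOB = User("alice"), User("bob")
FILES = {"f1": FileRecord("f1", "alice"), "f2": FileRecord("f2", "bob")}
KNOWLEDGE_BASES = {
    "kb-alice": KnowledgeBase("kb-alice", "alice"),
    "kb-bob": KnowledgeBase("kb-bob", "bob", shared_with={"alice"}),
}
ALL_COLLECTIONS = [META_COLLECTION, "user-memory-alice", "user-memory-bob",
                   "file-f1", "file-f2", "kb-alice", "kb-bob", "some-other-name"]


def _owns_prefixed(user: User, name: str) -> bool:
    """Ownership rule for the two prefixed families. Assumed encoding:
    user-memory-<user_id>, and file-<file_id> resolved through FILES."""
    if name.startswith(MEMORY_PREFIX):
        return name == f"{MEMORY_PREFIX}{user.id}"
    if name.startswith(FILE_PREFIX):
        rec = FILES.get(name[len(FILE_PREFIX):])
        return rec is not None and rec.user_id == user.id
    raise ValueError(f"not a prefixed collection: {name!r}")


def validate_collection_access_vulnerable(user: User, name: str) -> bool:
    """Check shaped like the one the advisory describes: only the two prefixed
    families are examined, every other name is allowed."""
    if name.startswith((MEMORY_PREFIX, FILE_PREFIX)):
        return _owns_prefixed(user, name)
    return True   # defect: the meta-collection and any unknown name fall through


def validate_collection_access_hardened(user: User, name: str) -> bool:
    """Deny-by-default rewrite: a name must belong to a known family and pass
    that family's authorisation; the meta-collection is never queryable."""
    if name == META_COLLECTION:
        return False
    if name.startswith((MEMORY_PREFIX, FILE_PREFIX)):
        return _owns_prefixed(user, name)
    kb = KNOWLEDGE_BASES.get(name)   # assumed: knowledge-base collections are keyed by KB id
    if kb is not None:
        return kb.user_id == user.id or user.id in kb.shared_with
    return False                     # unknown family: refuse


def reachable(check, user: User, names=ALL_COLLECTIONS) -> list:
    """Collections `user` could query under a given check; useful for auditing
    the two policies side by side on the same inventory of names."""
    return [n for n in names if check(user, n)]


if __name__ == "__main__":
    for label, check in (("vulnerable", validate_collection_access_vulnerable),
                         ("hardened", validate_collection_access_hardened)):
        print(f"{label:10s} alice -> {reachable(check, ALICE)}")
```

The hardened variant refuses the meta-collection for every caller because a retrieval query never needs the global index; whether an administrative path should read it is a separate decision outside this check. The `reachable` helper is the audit a defender would run after a fix: the set of names a low-privilege user can reach should shrink to exactly the collections they own or were granted.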