CVE-2026-44560: Open WebUI has Unauthorized File and Knowledge Base Content Access via RAG Vector Search
The get_sources_from_items function resolves file and knowledge base references into vector search queries during chat completion. Three of the five code paths perform vector store queries without any authorization check, allowing users to extract content from files and knowledge bases they do not have access to.
| Path | Lines | Access Check |
|---|---|---|
type: "file", full-context | 1044-1050 | ✅ has_access_to_file |
type: "file", non-full-context (default) | 1063-1068 | ❌ None |
type: "collection" | 1070-1118 | ✅ Present |
type: "text" with collection_name | 963-965 | ❌ None |
Bare collection_name/collection_names | 1126-1131 | ❌ None |
The three unprotected paths pass user-supplied collection names directly to query_collection(), which queries the vector store without any authorization. Collection names follow predictable formats: file-<file_id> for files and the knowledge base UUID for knowledge bases.
References
Code Behaviors & Features
Detect and mitigate CVE-2026-44560 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →