CVE-2026-45402: Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints

May 14, 2026 (updated May 15, 2026)

Multiple endpoints accept a user-supplied file_id and attach the referenced file to a resource the caller controls (folder knowledge, knowledge-base contents) without verifying that the caller owns or has been granted access to the file. The file’s content then becomes reachable through the downstream RAG / file-content paths, allowing any authenticated user to exfiltrate any other user’s private file — and on the knowledge-base path, also to overwrite it — given knowledge of the file’s UUID.

References

github.com/advisories/GHSA-r472-mw7m-967f
github.com/open-webui/open-webui/releases/tag/v0.9.5
github.com/open-webui/open-webui/security/advisories/GHSA-r472-mw7m-967f
nvd.nist.gov/vuln/detail/CVE-2026-45402

Code Behaviors & Features

Detect and mitigate CVE-2026-45402 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →