CVE-2026-54010: Open WebUI: Forged chat-file link allows cross-user file read and deletion

June 17, 2026

Open WebUI v0.9.5 lets an authenticated user attach arbitrary file_id values to their own chat message without checking whether they own or can read those files. If the attacker then shares that chat and grants themselves read access, has_access_to_file() treats the victim file as accessible through the shared chat, and the file endpoints read or delete the victim file.

References

github.com/advisories/GHSA-vrhc-3fr6-pc3c
github.com/open-webui/open-webui/pull/24755
github.com/open-webui/open-webui/pull/25054
github.com/open-webui/open-webui/security/advisories/GHSA-vrhc-3fr6-pc3c
nvd.nist.gov/vuln/detail/CVE-2026-54010

Code Behaviors & Features

Detect and mitigate CVE-2026-54010 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →