File Access Control Flaw in Open WebUI Affects User Operations
CVE-2026-59212
5.4MEDIUM
What is CVE-2026-59212?
An important security flaw exists in Open WebUI, an extensible self-hosted AI platform, where the _verify_knowledge_file_access function improperly checks permissions. This results in unauthorized users being able to escalate their access rights, allowing them to perform file write and delete operations on knowledge files they should only have read access to. This vulnerability affects all versions from 0.9.6 up to 0.10.0, and it has been resolved in version 0.10.0. Users are urged to upgrade to the latest version to mitigate potential risks.
Affected Version(s)
open-webui >= 0.9.6, < 0.10.0
