CVE-2026-54016 | Open WebUI is a self-hosted artificial intelligence platform… | CVSS 4.3 MEDIUM

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI has a Broken Object Level Authorization (BOLA) vulnerability in the builtin search_knowledge_files tool. When native function calling is enabled and the selected model has no attached knowledge bases, an authenticated user can call search_knowledge_files with an arbitrary knowledge_id. The function then returns file metadata from that knowledge base without checking whether the user has read access. This allows unauthorized enumeration of private or restricted knowledge base files. This vulnerability is fixed in 0.9.6.

Metadata

CVE ID: CVE-2026-54016
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2026-06-11 16:34 UTC
Published: 2026-06-23 16:43 UTC
Last updated: 2026-06-23 17:39 UTC
Primary CWE: CWE-639
CWE-639: Authorization Bypass Through User-Controlled Key
Vendor / Product: open-webui / open-webui
Sources: cve.org · NVD

Severity & Metrics

4.3 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
open-webui	open-webui	—	< 0.9.6

Weakness (CWE)

CWE	Source	Description
CWE-639	cna	CWE-639: Authorization Bypass Through User-Controlled Key

CVSS scores (1)

Score	Severity	Version	Source	Vector
4.3	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References (1)

https://github.com/open-webui/open-webui/security/advisories/GHSA-cx9v-4qj2-jrw6 https://github.com/open-webui/open-webui/security/advisories/GHSA-cx9v-4qj2-jrw6