CVE-2026-28788

HIGH 7.1

Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite

CVSS Score

7.1

EPSS Score

0.0%

EPSS Percentile

10th

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the `POST /api/v1/retrieval/process/files/batch` endpoint. The endpoint performs no ownership check, so a regular user with read access to a shared knowledge base can obtain file UUIDs via `GET /api/v1/knowledge/{id}/files` and then overwrite those files, escalating from read to write. The overwritten content is served to the LLM via RAG, meaning the attacker controls what the model tells other users. Version 0.8.6 patches the issue.

CWE	CWE-639
Vendor	open-webui
Product	open-webui
Published	Mar 26, 2026
Last Updated	Mar 27, 2026

Stay Ahead of the Next One

Get instant alerts for open-webui open-webui

Be the first to know when new high vulnerabilities affecting open-webui open-webui are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

Low

Affected Versions

open-webui / open-webui

< 0.8.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/open-webui/open-webui/security/advisories/GHSA-jjp7-g2jw-wh3j