Open WebUI: Authenticated User Can Overwrite Any File

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.1

Open WebUI: Authenticated User Can Overwrite Any File

CVE-2026-28788

Summary

A security issue in Open WebUI allows any authenticated user to modify any file on the platform, potentially allowing an attacker to tamper with the artificial intelligence's responses to other users. This issue is fixed in version 0.8.6. If you're using an earlier version, update to the latest version as soon as possible to prevent unauthorized changes to your files.

Original title

Original description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the `POST /api/v1/retrieval/process/files/batch` endpoint. The endpoint performs no ownership check, so a regular user with read access to a shared knowledge base can obtain file UUIDs via `GET /api/v1/knowledge/{id}/files` and then overwrite those files, escalating from read to write. The overwritten content is served to the LLM via RAG, meaning the attacker controls what the model tells other users. Version 0.8.6 patches the issue.

nvd CVSS3.1 7.1

Vulnerability type

CWE-639 Authorization Bypass Through User-Controlled Key

https://github.com/open-webui/open-webui/security/advisories/GHSA-jjp7-g2jw-wh3j

Published: 27 Mar 2026 · Updated: 27 Mar 2026 · First seen: 27 Mar 2026