CVE-2026-29071 PUBLISHED

Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories

Assigner: GitHub_M
Reserved: 03.03.2026
Published: 26.03.2026
Updated: 26.03.2026

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via /api/v1/retrieval/query/collection. Version 0.8.6 patches the issue.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS Score: 3.1

Product Status

Vendor: open-webui
Product: open-webui
Versions:
  • Version < 0.8.6 is affected

Problem Types

  • CWE-639: Authorization Bypass Through User-Controlled Key