CVE-2026-44557 MEDIUM

CVE-2026-44557: Open WebUI: Global Knowledge Base Enumeration via knowledge-bases Meta-Collection

Vendor Open-Webui

Product open-webui

Weakness CWE-863 · Incorrect authorization

Published May 15, 2026

Last update May 18, 2026

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the _validate_collection_access function uses an incomplete allowlist that only enforces ownership checks for collections matching user-memory-* and file-* patterns. All other collection names pass through unchecked — including the system-level knowledge-bases meta-collection, which stores the IDs, names, and descriptions of every knowledge base on the instance. Any authenticated user can query this meta-collection directly via the retrieval query endpoints to obtain a global index of all knowledge bases across all users. This vulnerability is fixed in 0.9.0.

Key dates

02Disclosure timeline

May 15, 2026 CVE published

May 18, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-44557 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

CVE-2026-44557: Open WebUI: Global Knowledge Base Enumeration via knowledge-bases Meta-Collection

01Description

02Disclosure timeline

03References

04Related CVE