CVE-2026-28788— Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite

CVSS 7.1 · High EPSS 0.05% · P15 Updated Mar 28, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-28788

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite

Source: NVD (National Vulnerability Database)

Vulnerability Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the `POST /api/v1/retrieval/process/files/batch` endpoint. The endpoint performs no ownership check, so a regular user with read access to a shared knowledge base can obtain file UUIDs via `GET /api/v1/knowledge/{id}/files` and then overwrite those files, escalating from read to write. The overwritten content is served to the LLM via RAG, meaning the attacker controls what the model tells other users. Version 0.8.6 patches the issue.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

通过用户控制密钥绕过授权机制

Source: NVD (National Vulnerability Database)

Vulnerability Title

Open WebUI 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Open WebUI是Open WebUI开源的一个可扩展、功能丰富、用户友好的自托管 WebUI。 Open WebUI 0.8.6之前版本存在安全漏洞，该漏洞源于/api/v1/retrieval/process/files/batch端点缺少所有权检查，可能导致任意文件内容被覆盖。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
open-webui	open-webui	< 0.8.6	-

II. Public POCs for CVE-2026-28788

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-28788

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2026-28788

Same Patch Batch · open-webui · 2026-03-26 · 4 CVEs total

CVE-2026-29070	5.4 MEDIUM	Open WebUI has unauthorized deletion of knowledge files
CVE-2026-28786	4.3 MEDIUM	Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`
CVE-2026-29071	3.1 LOW	Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memorie

IV. Related Vulnerabilities

Same product: open-webui

Same vendor: open-webui

Same weakness: CWE-639

V. Comments for CVE-2026-28788

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-28788— Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite

I. Basic Information for CVE-2026-28788

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-28788

III. Intelligence Information for CVE-2026-28788

Same Patch Batch · open-webui · 2026-03-26 · 4 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-28788

Leave a comment