PatchSiren cyber security CVE debrief
CVE-2026-44554 open-webui CVE debrief
Open WebUI versions prior to 0.9.0 contain a broken access control vulnerability in the document retrieval API. The POST /api/v1/retrieval/process/web endpoint accepts user-supplied collection_name and overwrite parameters without verifying ownership or write permissions. When overwrite=True (the default), the application deletes the target collection via VECTOR_DB_CLIENT.delete_collection() before writing new content, allowing any authenticated user to destroy arbitrary vector collections belonging to other users. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) reflects a network attack vector, low attack complexity, low privileges required, no user interaction, and high impact on integrity and availability. The vulnerability was disclosed via a GitHub Security Advisory and patched in version 0.9.0.
- Vendor: open-webui
- Product: Unknown
- CVSS: HIGH 8.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-15
- Original CVE updated: 2026-05-19
- Advisory published: 2026-05-15
- Advisory updated: 2026-05-19
Who should care
Organizations running self-hosted Open WebUI instances with multiple users or shared vector collections; security teams managing AI/ML infrastructure; developers building on Open WebUI's retrieval APIs
Technical summary
The vulnerability exists in the document retrieval pipeline, where trust in the user-supplied collection_name parameter and the default overwrite=True behavior combine to allow destructive operations without ownership verification. The save_docs_to_vector_db function's unconditional delete_collection() call when overwrite is enabled creates an availability and integrity risk for multi-tenant or multi-user Open WebUI deployments.
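The missing check, shown as an added example in the spirit of the fix rather than Open WebUI's own code: an in-memory stand-in for the vector client (VectorDBClient), a hypothetical ownership registry (CollectionRegistry), and a process_web_docs wrapper that refuses to delete or write to a collection the caller does not own and defaults overwrite to False. All names are assumptions for illustration.

```python
# Added example, not Open WebUI code: ownership check before the destructive
# "delete collection on overwrite" step described above. VectorDBClient,
# CollectionRegistry and process_web_docs are hypothetical names.
from typing import Optional


class VectorDBClient:
    """In-memory stand-in for VECTOR_DB_CLIENT (constructed for this example)."""

    def __init__(self) -> None:
        self.collections: dict[str, list[str]] = {}

    def delete_collection(self, name: str) -> None:
        self.collections.pop(name, None)

    def insert(self, name: str, docs: list[str]) -> None:
        self.collections.setdefault(name, []).extend(docs)


class CollectionRegistry:
    """Maps collection name to owning user id: the authorization data the bug lacked."""

    def __init__(self) -> None:
        self.owners: dict[str, str] = {}

    def owner_of(self, name: str) -> Optional[str]:
        return self.owners.get(name)

    def claim(self, name: str, user_id: str) -> None:
        self.owners.setdefault(name, user_id)  # first writer becomes owner


def process_web_docs(user_id: str, collection_name: str, docs: list[str],
                     client: VectorDBClient, registry: CollectionRegistry,
                     overwrite: bool = False) -> int:
    """Hardened flow: verify ownership before any write or delete.

    Returns the document count now stored in the collection. A caller who
    is not the owner gets PermissionError; nothing is deleted or written.
    """
    owner = registry.owner_of(collection_name)
    if owner is not None and owner != user_id:
        raise PermissionError(f"{user_id} may not modify {collection_name}")
    registry.claim(collection_name, user_id)
    if overwrite:
        client.delete_collection(collection_name)  # reached only by the owner
    client.insert(collection_name, docs)
    return len(client.collections[collection_name])
```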
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Open WebUI to version 0.9.0 or later to remediate the authorization bypass
- Review vector database collection access patterns to confirm no unauthorized deletions occurred prior to patching
- Implement additional authorization checks at the API gateway or reverse proxy layer for the /api/v1/retrieval/process/web endpoint as defense in depth
- Audit collection ownership and permission models if running customized or forked versions of Open WebUI
- Monitor application logs for unusual collection deletion patterns or repeated calls to the retrieval process endpoint with overwrite=true
Evidence notes
NVD analyzed status confirms the technical details. The GitHub advisory provides vendor acknowledgment and the fix version. CPE criteria confirm affected versions below 0.9.0.
Official resources
- CVE-2026-44554 CVE record (CVE.org)
- CVE-2026-44554 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Exploit, Vendor Advisory (2026-05-15)