PatchSiren cyber security CVE debrief

CVE-2026-44565 open-webui CVE debrief

CVE-2026-44565 affects Open WebUI versions prior to 0.6.10. When an audio file is uploaded, the service derives the saved name from the original HTTP upload request without validating or sanitizing it. That lets a user include dot-segments in the filename and escape the intended uploads directory, potentially writing files anywhere the web server account can access. The issue is rated HIGH severity (CVSS 8.1) and was published on 2026-05-15, with an update on 2026-05-18.

Vendor: open-webui
Product: Unknown
CVSS: HIGH 8.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-15
Original CVE updated: 2026-05-19
Advisory published: 2026-05-15
Advisory updated: 2026-05-19

Who should care

Administrators and operators of self-hosted Open WebUI deployments, especially environments that allow user file uploads or run the service with filesystem write access outside a tightly confined uploads directory. Security teams should also care if the application is exposed to multiple authenticated users or runs with broad service-account permissions.

Technical summary

The flaw is a path traversal issue in the audio upload handling path. Instead of fully normalizing and constraining the uploaded filename, Open WebUI accepts the request-derived name as-is. By embedding dot-segments, an attacker with upload capability can force the server to resolve the destination outside the intended uploads directory. The impact is arbitrary file write within the permissions of the web server process, which matches the impact profile of the reported CVSS vector (network reachable, low attack complexity, low privileges required, no user interaction, confidentiality none, integrity high, availability high).
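The following is an added illustration of the two handling patterns described above, written for this debrief; it is not Open WebUI's own code, and the uploads directory, the allowed suffix list and the function names are assumptions. `vulnerable_target_path` shows how joining a request-derived name as-is lets dot-segments escape the base directory, and `safe_target_path` shows the normalize, validate and confine sequence that the recommended upload-handling review should look for.

```python
import os
import re
from urllib.parse import unquote

# Assumed deployment values for this example (not from the advisory).
UPLOADS_DIR = "/var/lib/open-webui/uploads"
ALLOWED_AUDIO_SUFFIXES = {".mp3", ".wav", ".ogg", ".m4a", ".webm"}
# One path component: starts with an alphanumeric, then a bounded set of safe characters.
SAFE_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,199}")


class UnsafeFilename(ValueError):
    """Raised when a request-supplied filename cannot be confined to UPLOADS_DIR."""


def vulnerable_target_path(request_filename: str, base_dir: str = UPLOADS_DIR) -> str:
    """The pattern the CVE describes: the request-derived name is joined as-is,
    so '..' segments in it resolve to a location outside base_dir."""
    return os.path.normpath(os.path.join(base_dir, request_filename))


def confined(candidate: str, base_dir: str) -> bool:
    """True only if candidate resolves to base_dir itself or somewhere beneath it.
    Both sides go through realpath so symlinked parents compare consistently."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(candidate)
    return os.path.commonpath([base, target]) == base


def safe_target_path(request_filename: str, base_dir: str = UPLOADS_DIR) -> str:
    """Normalize, validate and confine the name; raise instead of writing elsewhere."""
    # Decode once so percent-encoded separators and dots are seen by the checks below.
    name = unquote(request_filename)
    # NUL bytes can truncate the path in lower-level file APIs.
    if "\x00" in name:
        raise UnsafeFilename("NUL byte in filename")
    # Treat backslash as a separator too; reject any separator rather than silently flattening.
    if "/" in name or "\\" in name:
        raise UnsafeFilename("path separator in filename")
    if name in ("", ".", ".."):
        raise UnsafeFilename("empty or dot-only filename")
    if not SAFE_NAME_RE.fullmatch(name):
        raise UnsafeFilename("filename contains disallowed characters")
    if os.path.splitext(name)[1].lower() not in ALLOWED_AUDIO_SUFFIXES:
        raise UnsafeFilename("not an allowed audio suffix")
    candidate = os.path.join(base_dir, name)
    # Belt and braces: confirm the final location before any write happens.
    if not confined(candidate, base_dir):
        raise UnsafeFilename("resolved path escapes the uploads directory")
    return candidate


def rejects(request_filename: str) -> bool:
    """Helper for checks: True if safe_target_path refuses the name."""
    try:
        safe_target_path(request_filename)
    except UnsafeFilename:
        return True
    return False


if __name__ == "__main__":
    traversal = "../../../../etc/cron.d/job"
    print("vulnerable join resolves to:", vulnerable_target_path(traversal))
    print("confined?", confined(os.path.join(UPLOADS_DIR, traversal), UPLOADS_DIR))
    print("safe path:", safe_target_path("voice-memo.mp3"))
    print("traversal rejected?", rejects(traversal + ".mp3"))
```

The `confined` check is the one that matters even after the name has been reduced to a single component: it is cheap, it catches mistakes elsewhere in the handler (a later `..` introduced by a configuration value, for example), and it is the check to look for when auditing any write path that takes a name from the request.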

Defensive priority

High. This is a straightforward file-write primitive in a network-facing upload path, and it affects authenticated users. The safest response is to upgrade immediately to 0.6.10 or later and reduce the service account's filesystem reach until remediation is complete.

Recommended defensive actions

  • Upgrade Open WebUI to 0.6.10 or later.
  • Audit the service account's filesystem permissions and restrict write access to only the intended uploads directory.
  • Review upload handling controls to ensure filenames are normalized, validated, and confined to a safe base directory.
  • Check for unexpected files or changes outside the uploads directory, especially near the time of suspicious audio uploads.
  • If the deployment supports it, isolate uploads in a dedicated volume or container boundary to limit the impact of future write-path issues.
  • Monitor logs for upload attempts containing path separators or dot-segment patterns.
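The last recommendation, monitoring uploads for path separators and dot-segments, is easy to get wrong if the check runs only on the raw string, since a percent-encoded `..%2f` passes a naive filter. The following added example (written for this debrief, not Open WebUI's own logging or detection code) decodes the name before classifying it and runs over a few constructed log lines; the log layout, field names and route label are assumptions, and the filenames shown are invented.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines: the format, route label and user names are
# assumptions for this example, not Open WebUI's real log output.
SAMPLE_LOG = [
    '2026-05-16T09:58:02Z INFO upload user=alice route=audio-upload filename="meeting-notes.mp3" status=200',
    '2026-05-16T10:02:11Z INFO upload user=mallory route=audio-upload filename="../../../../tmp/outside.mp3" status=200',
    '2026-05-16T10:02:40Z INFO upload user=mallory route=audio-upload filename="%2e%2e%2f%2e%2e%2fconfig.json" status=200',
    '2026-05-16T10:05:13Z INFO upload user=bob route=audio-upload filename="interview.final.wav" status=200',
    '2026-05-16T10:07:55Z INFO upload user=mallory route=audio-upload filename="..\\..\\win.ini" status=200',
]

FILENAME_RE = re.compile(r'filename="([^"]*)"')
USER_RE = re.compile(r"user=(\S+)")
# A '..' that is a whole path component (start or separator on both sides).
DOT_SEGMENT_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
DRIVE_RE = re.compile(r"[A-Za-z]:[\\/]")


def decode_fully(value: str, rounds: int = 3) -> str:
    """Undo up to `rounds` layers of percent-encoding, stopping once stable."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_filename(raw: str) -> list:
    """Return the reasons an upload name looks like a traversal attempt (empty if none)."""
    decoded = decode_fully(raw)
    reasons = []
    if DOT_SEGMENT_RE.search(decoded):
        reasons.append("dot-segment")
    if "/" in decoded or "\\" in decoded:
        reasons.append("path-separator")
    if decoded.startswith(("/", "\\")) or DRIVE_RE.match(decoded):
        reasons.append("absolute-path")
    if "\x00" in decoded:
        reasons.append("nul-byte")
    return reasons


def scan_upload_log(lines) -> list:
    """Yield one record per suspicious upload line: user, raw name and reasons."""
    hits = []
    for line in lines:
        match = FILENAME_RE.search(line)
        if not match:
            continue
        raw = match.group(1)
        reasons = classify_filename(raw)
        if not reasons:
            continue
        user_match = USER_RE.search(line)
        hits.append({
            "user": user_match.group(1) if user_match else None,
            "filename": raw,
            "reasons": reasons,
        })
    return hits


if __name__ == "__main__":
    for hit in scan_upload_log(SAMPLE_LOG):
        print(f"{hit['user']}: {hit['filename']!r} -> {', '.join(hit['reasons'])}")
```

Names with several single dots, such as `interview.final.wav`, are not flagged, because the dot-segment pattern requires a whole `..` component; that keeps the rule usable on real traffic. Correlating hits by user and time, as the preceding recommendation suggests, is what turns a flagged line into a file-system check outside the uploads directory.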

Evidence notes

This debrief is based on the supplied CVE record and the linked GitHub Security Advisory. The NVD record lists the issue as published on 2026-05-15 and modified on 2026-05-18, with CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H and CWE-22. The advisory states the issue is fixed in Open WebUI 0.6.10. No KEV listing was provided in the supplied corpus.

Official resources

Publicly disclosed via the official CVE record and GitHub Security Advisory. The provided data indicates publication on 2026-05-15 and a subsequent CVE modification on 2026-05-18.