PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-44566 open-webui CVE debrief

CVE-2026-44566 affects Open WebUI versions prior to 0.1.124. According to the GitHub security advisory and NVD entry, the application derives the attached file name from the original HTTP upload request without validating or sanitizing it. That allows dot-segments in the file path to traverse out of the intended uploads directory, potentially writing files anywhere on the filesystem that the web server process can access. The issue is fixed in Open WebUI 0.1.124.

Vendor: open-webui
Product: Unknown
CVSS: HIGH 7.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-15
Original CVE updated: 2026-05-19
Advisory published: 2026-05-15
Advisory updated: 2026-05-19

Who should care

Administrators and operators of self-hosted Open WebUI deployments, especially any instance that accepts user file attachments or prompt uploads. Security teams should also care if Open WebUI runs with filesystem permissions broader than the uploads directory.

Technical summary

The vulnerability is a path traversal issue in the file attachment handling flow. The supplied file name is taken from the HTTP upload request and not properly sanitized before path construction, so dot-segments can escape the uploads directory. The practical result is arbitrary file placement within the server process’s writable locations, with impact bounded by the permissions of the account running the web server. The source data maps the issue to CWE-22 and CWE-434 and assigns CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L.

Defensive priority

High. Any deployment that exposes the upload feature should prioritize upgrading to the fixed release, because the issue requires no privileges or user interaction and can affect filesystem integrity wherever the service account can write.

Recommended defensive actions

  • Upgrade Open WebUI to version 0.1.124 or later.
  • Review whether the service account has broader filesystem write permissions than necessary and reduce them where possible.
  • Check for unexpected files written outside the intended uploads directory, especially in writable application paths.
  • If immediate upgrade is not possible, limit exposure of the upload feature until the fixed version is deployed.
  • Validate any upstream or downstream handling that trusts uploaded file names, and ensure path normalization/sanitization is enforced consistently.
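The technical summary above describes the defect (a request-supplied file name joined into a path without sanitization) and the last recommendation asks for consistent path normalization. The following is an added example, written for this debrief and not code from Open WebUI or from the advisory, that shows the unsafe join beside a hardened version: the name is reduced to a single path component, then the resolved destination is checked against the resolved uploads root as a second layer. The uploads root path, the function names and the sample file names are all constructed for the example.

```python
"""Safe placement of client-named uploads (added example, not Open WebUI code)."""
import posixpath
import unicodedata
from pathlib import Path

# Hypothetical uploads root used for this example; a real deployment's root is
# a configuration value and is not taken from the advisory.
UPLOADS_ROOT = Path("/var/lib/example-webui/uploads")


class UnsafeFileName(ValueError):
    """Raised when a client-supplied file name cannot be mapped safely."""


def naive_destination(client_name: str, root: Path = UPLOADS_ROOT) -> Path:
    """The vulnerable pattern: join the request-supplied name directly.

    Joining does not reject dot-segments, so a name such as
    '../../outside.txt' resolves to a location above `root`. This function
    exists only to contrast with resolve_upload_path() below.
    """
    return (root / client_name).resolve()


def sanitize_upload_name(client_name: str) -> str:
    """Reduce a client-supplied file name to one safe path component.

    1. NFKC-normalize and drop NUL bytes (which truncate paths in C APIs).
    2. Treat '/' and '\\' as separators and keep only the final component, so
       'a/../b.txt' and '..\\..\\b.txt' both reduce to 'b.txt'.
    3. Reject empty names and the special entries '.' and '..'.
    """
    name = unicodedata.normalize("NFKC", client_name).replace("\x00", "")
    name = posixpath.basename(name.replace("\\", "/")).strip()
    if name in ("", ".", ".."):
        raise UnsafeFileName(f"unusable file name: {client_name!r}")
    return name


def resolve_upload_path(client_name: str, root: Path = UPLOADS_ROOT) -> Path:
    """Return the absolute destination for an upload, or raise if it leaves `root`.

    Defence in depth: even after sanitize_upload_name(), the resolved path is
    compared against the resolved root, so a later sanitizer bug or a symlink
    inside the root cannot silently redirect the write elsewhere.
    """
    safe_name = sanitize_upload_name(client_name)
    root_resolved = root.resolve()
    candidate = (root_resolved / safe_name).resolve()
    if candidate.parent != root_resolved:
        raise UnsafeFileName(f"{client_name!r} resolves outside {root_resolved}")
    return candidate


def is_within_root(path: Path, root: Path = UPLOADS_ROOT) -> bool:
    """True if `path` is `root` itself or lies beneath it after resolution."""
    root_resolved = root.resolve()
    resolved = path.resolve()
    return resolved == root_resolved or root_resolved in resolved.parents


def is_rejected(client_name: str, root: Path = UPLOADS_ROOT) -> bool:
    """Convenience predicate: does the hardened path reject this name?"""
    try:
        resolve_upload_path(client_name, root)
    except UnsafeFileName:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample names as a client might send them in a multipart upload.
    samples = ["report.pdf", "../../outside.txt", "..\\..\\outside.txt",
               "..", "nested/dir/notes.md"]
    for s in samples:
        naive_side = "inside" if is_within_root(naive_destination(s)) else "OUTSIDE"
        try:
            verdict = f"OK -> {resolve_upload_path(s)}"
        except UnsafeFileName as exc:
            verdict = f"REJECTED ({exc})"
        print(f"{s!r:24} naive={naive_side:8} hardened: {verdict}")
```

The two checks are deliberately independent: the sanitizer makes the common case obvious to review, while the resolved-path comparison is what actually guarantees the write stays under the root, and it is the check to keep even if the sanitizer is later changed.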

Evidence notes

The description in the supplied source corpus states that prior to 0.1.124, file names attached to prompts were derived from the original HTTP upload request without validation or sanitization, enabling dot-segment traversal outside the uploads directory. The same source states the issue is fixed in 0.1.124. NVD lists the CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L and the weaknesses CWE-22 and CWE-434. The NVD record status in the supplied item is 'Undergoing Analysis'.

Official resources

The CVE was published on 2026-05-15 and was last modified on 2026-05-18 in the supplied timeline. The advisory source identifies Open WebUI versions prior to 0.1.124 as affected and states that 0.1.124 fixes the issue.