PatchSiren cyber security CVE debrief
CVE-2026-44570 open-webui CVE debrief
Open WebUI versions prior to 0.6.19 contain broken authorization controls in the memories API that allow standard users to access, modify, and delete other users' memory data. The vulnerability stems from inconsistent access control enforcement across multiple endpoints: POST /api/v1/memories/query allows viewing arbitrary memories without ownership verification; POST /api/v1/memories/{memory_id}/update leaks memory content in error responses even when modification is blocked; DELETE /api/v1/memories/{memory_id} permits unauthorized deletion; and the update endpoint can restore previously deleted memories. An attacker with valid non-admin credentials can enumerate memory IDs to exfiltrate sensitive user data, destroy memories, or manipulate memory state. The CVSS 3.1 score of 8.3 reflects high confidentiality and integrity impact with low attack complexity. The vendor patched this in version 0.6.19.
- Vendor
- open-webui
- Product
- Unknown
- CVSS
- HIGH 8.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-15
- Original CVE updated
- 2026-05-18
- Advisory published
- 2026-05-15
- Advisory updated
- 2026-05-18
Who should care
Organizations running self-hosted Open WebUI instances with multiple users, particularly those storing sensitive conversational memory data or operating in multi-tenant configurations
Technical summary
The memories API in Open WebUI before 0.6.19 fails to enforce ownership checks consistently across query, update, and delete operations. The POST /api/v1/memories/query endpoint returns memories regardless of user ownership. The POST /api/v1/memories/{memory_id}/update endpoint leaks memory content in responses even when write access is denied. The DELETE /api/v1/memories/{memory_id} endpoint lacks authorization checks entirely. Deleted memories remain restorable through the update endpoint. These flaws enable authenticated non-admin users to achieve cross-user memory access with CVSS 8.3 severity.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Open WebUI to version 0.6.19 or later to obtain the authorization control fixes
- Review access logs for anomalous API calls to /api/v1/memories/* endpoints from non-admin accounts, particularly POST /api/v1/memories/query, DELETE operations, and update attempts on memory IDs not owned by the caller
- Audit existing memories for unauthorized modifications or deletions by comparing current state against known-good backups if available
- Implement network-level access controls or API gateway rules to restrict memories endpoint access to authorized administrative contexts until patching is complete
- Monitor for repeated sequential or patterned memory_id values in API requests that may indicate enumeration attempts
- Review application logs for error responses from POST /api/v1/memories/{memory_id}/update containing memory content, which indicates active exploitation of the information disclosure vector
Evidence notes
NVD analyzed status with CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L vector. GitHub Security Advisory tagged as Exploit and Vendor Advisory. CWE-639 (Authorization Bypass Through User-Controlled Key) identified. CPE confirms affected versions exclude 0.6.19.
Official resources
-
CVE-2026-44570 CVE record
CVE.org
-
CVE-2026-44570 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Exploit, Vendor Advisory
2026-05-15