PatchSiren cyber security CVE debrief

CVE-2026-45301 open-webui CVE debrief

Open WebUI versions prior to 0.3.16 contain a missing permission check vulnerability in all files-related API endpoints. Any authenticated user can list, access, and delete files uploaded by any other user on the platform. This represents a broken access control issue (CWE-284) with network-exploitable, low-complexity attack requirements. The vulnerability was disclosed via GitHub Security Advisory and addressed in version 0.3.16. Organizations running self-hosted Open WebUI instances should prioritize upgrading to the patched release, as the platform is designed for offline operation and may handle sensitive AI-related data.

Vendor: open-webui
Product: Unknown
CVSS: HIGH 8.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-15
Original CVE updated: 2026-05-18
Advisory published: 2026-05-15
Advisory updated: 2026-05-18

Who should care

Organizations operating self-hosted Open WebUI instances for offline AI workloads; security teams managing access control for multi-user AI platforms; compliance officers responsible for data segregation in on-premises AI deployments

Technical summary

The vulnerability exists in files-related API endpoints where authorization checks fail to validate file ownership against the requesting user. Authenticated sessions obtain blanket access to file metadata and content regardless of uploader identity. The fix in 0.3.16 implements proper ownership verification before file operations.

Defensive priority

high

Recommended defensive actions

  • Upgrade Open WebUI to version 0.3.16 or later to remediate the missing permission check vulnerability
  • Review file access logs for unauthorized enumeration, access, or deletion activity by non-owner accounts
  • Validate that file-related API endpoints enforce ownership-based access controls after patching
  • Consider implementing additional authorization logging for file operations in self-hosted AI platforms
  • Assess whether sensitive files uploaded to the platform require integrity verification or backup restoration
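To make the defect class in the technical summary concrete, and to give a shape for the post-patch ownership validation and authorization logging recommended above, here is an added illustrative model. It is not Open WebUI's code: the in-memory store, the handler names, the user and file identifiers and the log format are all assumptions made for the example. Only the defect class (authenticated callers acting on files regardless of owner) comes from the advisory. The "unchecked" methods show the missing-check pattern; the checked methods show ownership scoping on list, read and delete, with each refusal recorded for audit.

```python
"""Illustrative model of a missing file-ownership check (CWE-284).

Added example, not Open WebUI source. Store layout, method names, user
ids, file ids and log format are assumptions for the illustration.
"""
from dataclasses import dataclass, field
import logging

log = logging.getLogger("files.authz")


class Forbidden(Exception):
    """Raised when a caller acts on a file they do not own."""


@dataclass
class StoredFile:
    file_id: str
    owner_id: str
    name: str
    content: bytes


@dataclass
class FileStore:
    files: dict = field(default_factory=dict)
    denied: list = field(default_factory=list)  # audit trail of refused calls

    # --- "before" pattern: caller is authenticated, ownership never checked ---
    def list_files_unchecked(self, user_id: str):
        # user_id only proves the caller is logged in; every file is returned
        return [f.file_id for f in self.files.values()]

    def delete_file_unchecked(self, user_id: str, file_id: str) -> None:
        self.files.pop(file_id, None)

    # --- "after" pattern: every operation is scoped to the caller's ownership ---
    def _owned(self, user_id: str, file_id: str, action: str) -> StoredFile:
        f = self.files.get(file_id)
        # Same refusal for "missing" and "not yours", so other users' file ids
        # cannot be confirmed by probing; the refusal is logged for audit.
        if f is None or f.owner_id != user_id:
            self.denied.append((user_id, file_id, action))
            log.warning("authz denied user=%s file=%s action=%s", user_id, file_id, action)
            raise Forbidden(f"{action} on {file_id} denied")
        return f

    def list_files(self, user_id: str):
        return [f.file_id for f in self.files.values() if f.owner_id == user_id]

    def get_file(self, user_id: str, file_id: str) -> bytes:
        return self._owned(user_id, file_id, "get").content

    def delete_file(self, user_id: str, file_id: str) -> None:
        self._owned(user_id, file_id, "delete")
        del self.files[file_id]


def build_sample_store() -> FileStore:
    """Constructed sample data: two users, one uploaded file each."""
    store = FileStore()
    store.files["f-alice-1"] = StoredFile("f-alice-1", "alice", "notes.txt", b"alice data")
    store.files["f-bob-1"] = StoredFile("f-bob-1", "bob", "report.pdf", b"bob data")
    return store


def demonstrate() -> dict:
    """Summarise what each pattern lets the non-owner 'bob' see or do."""
    store = build_sample_store()
    before_list = store.list_files_unchecked("bob")
    after_list = store.list_files("bob")
    try:
        store.get_file("bob", "f-alice-1")
        cross_read = True
    except Forbidden:
        cross_read = False
    try:
        store.delete_file("bob", "f-alice-1")
        cross_delete = True
    except Forbidden:
        cross_delete = False
    return {
        "before_list": sorted(before_list),
        "after_list": after_list,
        "cross_read": cross_read,
        "cross_delete": cross_delete,
        "alice_file_still_present": "f-alice-1" in store.files,
        "denials": len(store.denied),
    }


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(demonstrate())
```

The checked path refuses with the same error whether the file is absent or belongs to someone else, which is the usual choice so that ownership checks do not double as an id oracle; the `denied` list stands in for whatever audit sink a real deployment would use when adding authorization logging for file operations.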

Evidence notes

Vulnerability confirmed through GitHub Security Advisory GHSA-r8wh-8m7r-fh33 with a vendor-supplied fix in version 0.3.16. The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N supports the HIGH severity rating. The CPE criteria confirm that affected versions exclude 0.3.16 and later.

Official resources

2026-05-15