PatchSiren cyber security CVE debrief
CVE-2026-54014 open-webui CVE debrief
CVE-2026-54014 is a path traversal vulnerability in Open WebUI's cache file serving endpoint. The vulnerability allows any authenticated user to read files from sibling directories outside the intended cache directory. This is achieved by exploiting an incomplete startswith containment check that lacks a trailing path separator. The root cause lies in the serve_cache_file() function in open_webui/main.py, which validates the resolved path with file_path.startswith(os.path.abspath(CACHE_DIR)) without appending os.sep. This allows any path resolving to a sibling directory whose name begins with 'cache' (e.g., cache_sibling, cache_backup, cached_models) to pass validation. The vulnerability is fixed in version 0.9.6.
- Vendor: open-webui
- Product: Unknown
- CVSS: MEDIUM 4.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-23
- Original CVE updated: 2026-06-25
- Advisory published: 2026-06-23
- Advisory updated: 2026-06-25
Who should care
Users of Open WebUI, especially self-hosted deployments, should be aware of this vulnerability. Any user with authenticated access to the platform can read files from sibling directories whose names begin with 'cache', which could disclose sensitive information and aid further exploitation. Users should therefore prioritize upgrading to version 0.9.6 or applying appropriate mitigations.
Technical summary
The vulnerability exists in the cache file serving endpoint of Open WebUI. An authenticated user can exploit an incomplete path validation check to access files outside the intended cache directory. The validation check in serve_cache_file() uses file_path.startswith(os.path.abspath(CACHE_DIR)) without appending a path separator, allowing paths in sibling directories starting with 'cache' to pass validation. This issue is addressed in version 0.9.6.
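To make the root cause concrete, the following is an added example (not Open WebUI's code, and not taken from the advisory): it reproduces the bare prefix comparison the page describes next to two corrected forms. The cache directory value, the function names and the request strings are constructed for illustration; the component-wise check using os.path.commonpath and the use of realpath() are this editor's hardening choices, while the os.sep variant is the minimal fix the page's description implies.

```python
import os

# Constructed cache directory for the demo (assumption; not the project's CACHE_DIR value).
CACHE_DIR = "/srv/open-webui/cache"


def resolve(cache_dir: str, requested: str) -> str:
    """Build the absolute path a cache-serving handler would try to open."""
    return os.path.abspath(os.path.join(cache_dir, requested))


def vulnerable_containment(cache_dir: str, requested: str) -> bool:
    """The incomplete check described in the advisory: a bare string prefix test.

    No trailing os.sep is appended, so '/srv/open-webui/cache_backup/...'
    also starts with '/srv/open-webui/cache' and is accepted.
    """
    file_path = resolve(cache_dir, requested)
    return file_path.startswith(os.path.abspath(cache_dir))


def separator_containment(cache_dir: str, requested: str) -> bool:
    """Minimal fix implied by the advisory: compare against the prefix plus os.sep.

    The directory itself is allowed explicitly, because 'base' does not
    start with 'base + os.sep'.
    """
    base = os.path.abspath(cache_dir)
    file_path = resolve(cache_dir, requested)
    return file_path == base or file_path.startswith(base + os.sep)


def hardened_containment(cache_dir: str, requested: str) -> bool:
    """Containment that compares whole path components rather than characters.

    realpath() additionally collapses symlinks, so a link placed inside the
    cache directory cannot redirect the handler elsewhere (abspath() does not
    resolve links). commonpath() only returns the base when every component
    of the target lies under it.
    """
    base = os.path.realpath(cache_dir)
    target = os.path.realpath(os.path.join(cache_dir, requested))
    return os.path.commonpath([base, target]) == base


def evaluate(requested: str, cache_dir: str = CACHE_DIR) -> tuple:
    """Return (prefix_check, separator_check, component_check) for one request."""
    return (
        vulnerable_containment(cache_dir, requested),
        separator_containment(cache_dir, requested),
        hardened_containment(cache_dir, requested),
    )


if __name__ == "__main__":
    # Constructed request strings: one legitimate, one sibling-directory
    # escape of the kind the advisory describes, one unrelated directory.
    for req in ("images/avatar.png", "../cache_backup/secret.txt", "../config/secret.txt"):
        prefix, sep, component = evaluate(req)
        print(f"{req!r}: prefix={prefix} separator={sep} component={component}")
```

Running the block shows that only the sibling-directory request separates the three checks: the bare prefix test accepts it, while both corrected forms reject it. Note that os.path.join() discards the base when the request is absolute, so a request such as "/etc/passwd" fails all three checks; the separator variant fixes the reported bug but still trusts abspath(), which is why the component-wise check is preferable for a defender reviewing similar code.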
Defensive priority
Medium priority should be given to patching or mitigating this vulnerability. While it requires authenticated access, the potential for information disclosure and aiding further exploitation exists.
Recommended defensive actions
- Upgrade Open WebUI to version 0.9.6 or later.
- Implement additional access controls and monitoring for authenticated users.
- Review and restrict access to sensitive directories and files.
- Consider applying compensating controls such as Web Application Firewalls (WAFs).
- Monitor for any suspicious activity related to file access.
Evidence notes
The CVE record and NVD detail pages provide information on the affected versions and potential impacts. A vendor advisory on GitHub details the mitigation and the fix in version 0.9.6.
Official resources
- CVE-2026-54014 CVE record (CVE.org)
- CVE-2026-54014 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Exploit, Vendor Advisory, Mitigation
This article is AI-assisted and based on the supplied source corpus.