PatchSiren cyber security CVE debrief
CVE-2026-54022 open-webui CVE debrief
CVE-2026-54022 is a vulnerability in Open WebUI, a self-hosted artificial intelligence platform. The issue allows an attacker to bypass authorization checks and access private note contents by manipulating document IDs. The vulnerability is fixed in version 0.8.11. Open WebUI is a platform designed to operate entirely offline. The vulnerability has a CVSS score of 5.3 and a severity of MEDIUM.
- Vendor: open-webui
- Product: Unknown
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-23
- Original CVE updated: 2026-06-25
- Advisory published: 2026-06-23
- Advisory updated: 2026-06-25
Who should care
Defenders of Open WebUI installations should be aware of this vulnerability and take steps to remediate it. This includes upgrading to version 0.8.11 or applying compensating controls to limit access to sensitive documents. Security teams should prioritize this vulnerability based on its potential impact on sensitive data.
Technical summary
The vulnerability exists in the ydoc:document:join Socket.IO handler, which checks note ownership only when the document_id starts with 'note:' (colon). However, the YdocManager storage layer normalizes all document IDs by replacing colons with underscores (document_id.replace(':', '_')). An attacker can join a document room using 'note_<id>' (underscore) instead of 'note:<id>' (colon), bypassing the authorization check entirely while accessing the same underlying Yjs document. The server then returns the full document state, leaking the victim's private note contents.
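The check-before-normalize mismatch described above, modelled as an added example (not Open WebUI's code): the pre-fix logic classifies a room on the raw `note:` prefix while storage keys are the underscore form, and the hardened version classifies on the canonical form instead. The function names and the owner table are constructed for illustration.

```python
# Added illustration of the ID-normalization mismatch; not Open WebUI's code.
# NOTE_OWNERS, normalize_doc_id, vulnerable_can_join and fixed_can_join are
# constructed names for this example.

# Constructed sample data: the storage layer keys rooms by normalized ID.
NOTE_OWNERS = {"note_abc123": "alice"}  # storage key -> owning user


def normalize_doc_id(document_id: str) -> str:
    """Mimics the storage layer: every colon becomes an underscore."""
    return document_id.replace(":", "_")


def vulnerable_can_join(document_id: str, user: str) -> bool:
    """Pre-fix logic: ownership is checked only when the *raw* ID starts
    with 'note:'. An underscore spelling of the same room skips the check
    but still resolves to the same storage key."""
    if document_id.startswith("note:"):
        return NOTE_OWNERS.get(normalize_doc_id(document_id)) == user
    return True  # non-note rooms carry no ownership check in this model


def fixed_can_join(document_id: str, user: str) -> bool:
    """Hardened logic: canonicalize first, then classify, so any spelling
    that lands on a note room is subject to the same ownership check."""
    canonical = normalize_doc_id(document_id)
    if canonical.startswith("note_"):
        return NOTE_OWNERS.get(canonical) == user
    return True


if __name__ == "__main__":
    for doc_id in ("note:abc123", "note_abc123"):
        print(doc_id, "vulnerable:", vulnerable_can_join(doc_id, "mallory"),
              "fixed:", fixed_can_join(doc_id, "mallory"))
```

Running the block shows the colon form denied under both checks and the underscore form denied only once the canonical ID is what gets classified.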
Defensive priority
Defenders should prioritize remediating this vulnerability based on its potential impact on sensitive data. Upgrading to version 0.8.11 is the recommended course of action.
Recommended defensive actions
- Upgrade Open WebUI to version 0.8.11
- Implement compensating controls to limit access to sensitive documents
- Monitor for suspicious activity related to document access
- Review and update access controls for document rooms
- Perform inventory checks to identify potentially affected systems
Evidence notes
The vulnerability is documented in the CVE record and the NVD detail page. The vendor has released a security advisory detailing the issue and the fix. The vulnerability has a CVSS score of 5.3 and a severity of MEDIUM.
Official resources
- CVE-2026-54022 CVE record (CVE.org)
- CVE-2026-54022 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: Vendor Advisory, Exploit
This article is AI-assisted and based on the supplied source corpus.