PatchSiren cyber security CVE debrief
CVE-2026-54016 Openwebui CVE debrief
CVE-2026-54016 is a Broken Object Level Authorization (BOLA) vulnerability in Open WebUI's built-in search_knowledge_files tool. Prior to version 0.9.6, when native function calling is enabled and the selected model has no attached knowledge bases, an authenticated user can call search_knowledge_files with an arbitrary knowledge_id. The function then returns file metadata from that knowledge base without checking whether the user has read access, allowing unauthorized enumeration of private or restricted knowledge base files. The vulnerability has a CVSS score of 4.3 and is classified as MEDIUM severity. Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline.
- Vendor: Openwebui
- Product: Open Webui
- CVSS: MEDIUM 4.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-23
- Original CVE updated: 2026-06-25
- Advisory published: 2026-06-23
- Advisory updated: 2026-06-25
Who should care
Security teams and administrators responsible for Open WebUI installations should be aware of this vulnerability. It allows unauthorized enumeration of private or restricted knowledge base files, which could lead to sensitive information disclosure. Affected installations are those running Open WebUI versions prior to 0.9.6.
Technical summary
The BOLA vulnerability in Open WebUI's search_knowledge_files tool allows an authenticated user to call the function with an arbitrary knowledge_id when native function calling is enabled and the selected model has no attached knowledge bases. The function returns file metadata without checking read access, enabling unauthorized enumeration of private or restricted knowledge base files. This issue is fixed in Open WebUI version 0.9.6. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 4.3, indicating a MEDIUM severity level.
Defensive priority
Defenders should prioritize patching Open WebUI installations to version 0.9.6 or later. In the interim, restricting access to the search_knowledge_files tool and closely monitoring for suspicious activity related to knowledge base file enumeration can help mitigate the risk.
Recommended defensive actions
- Patch Open WebUI installations to version 0.9.6 or later.
- Restrict access to the search_knowledge_files tool.
- Closely monitor for suspicious activity related to knowledge base file enumeration.
- Review and update access controls for knowledge bases.
- Consider implementing additional logging and monitoring for sensitive file access attempts.
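To make the failure mode in the technical summary concrete, and to show what the "monitor for knowledge base file enumeration" action above can look like in practice, here is an added illustration that is not Open WebUI's code. It models the BOLA pattern the advisory describes (an object identifier is trusted and the caller's read access is never consulted) beside a hardened form that resolves the object and then authorizes the caller before returning metadata, followed by a small detection rule run over constructed audit-log lines. All names (KnowledgeBase, can_read, search_knowledge_files_vulnerable, search_knowledge_files_fixed, the log-line format) are hypothetical stand-ins and do not reflect Open WebUI's real API or log schema.

```python
"""
Added illustration, not Open WebUI's code: the missing object-level
authorization check the advisory describes, its hardened counterpart, and a
simple enumeration detector over constructed audit-log lines.

Every identifier below (KnowledgeBase, can_read, search_knowledge_files_*,
the 'user=... tool=... kb=... result=...' log format) is hypothetical.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class KnowledgeBase:
    knowledge_id: str
    owner: str
    readers: set = field(default_factory=set)   # explicit read grants
    files: list = field(default_factory=list)   # file metadata records


# Constructed sample store: alice's KB is shared with carol; bob's is private.
STORE = {
    "kb-alice": KnowledgeBase("kb-alice", "alice", {"carol"},
                              [{"id": "f1", "name": "alice-notes.md"}]),
    "kb-bob": KnowledgeBase("kb-bob", "bob", set(),
                            [{"id": "f2", "name": "bob-private.pdf"}]),
}


def can_read(user: str, kb: KnowledgeBase) -> bool:
    """Object-level check: the owner or an explicitly granted reader."""
    return user == kb.owner or user in kb.readers


def search_knowledge_files_vulnerable(user: str, knowledge_id: str) -> list:
    """BOLA pattern from the advisory: the id is looked up and the file
    metadata is returned without ever consulting the caller's access."""
    kb = STORE.get(knowledge_id)
    return list(kb.files) if kb else []


class Forbidden(Exception):
    """Raised when the caller may not read the requested knowledge base."""


def search_knowledge_files_fixed(user: str, knowledge_id: str) -> list:
    """Hardened form: resolve the object, then authorize the caller against
    that specific object before returning anything. Unknown and forbidden
    ids produce the same error so the response does not confirm existence."""
    kb = STORE.get(knowledge_id)
    if kb is None or not can_read(user, kb):
        raise Forbidden(f"{user} may not read {knowledge_id}")
    return list(kb.files)


# Constructed log lines in a hypothetical key=value format.
SAMPLE_LOG = """\
user=carol tool=search_knowledge_files kb=kb-alice result=ok
user=mallory tool=search_knowledge_files kb=kb-0001 result=denied
user=mallory tool=search_knowledge_files kb=kb-0002 result=denied
user=mallory tool=search_knowledge_files kb=kb-0003 result=denied
user=mallory tool=search_knowledge_files kb=kb-0004 result=denied
user=bob tool=search_knowledge_files kb=kb-bob result=ok
"""


def parse_line(line: str) -> dict:
    """Split 'k=v k=v ...' into a dict (hypothetical log format)."""
    return dict(kv.split("=", 1) for kv in line.split())


def enumeration_suspects(log_text: str, threshold: int = 3) -> dict:
    """Return {user: distinct knowledge ids queried} for users at or above
    the threshold. Distinct ids are counted regardless of result, because on
    an unpatched server the calls succeed rather than being denied."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("tool") == "search_knowledge_files":
            seen[rec["user"]].add(rec["kb"])
    return {u: len(ids) for u, ids in seen.items() if len(ids) >= threshold}


if __name__ == "__main__":
    print(search_knowledge_files_vulnerable("mallory", "kb-bob"))  # leaks metadata
    try:
        search_knowledge_files_fixed("mallory", "kb-bob")
    except Forbidden as exc:
        print("blocked:", exc)
    print(enumeration_suspects(SAMPLE_LOG))
```

The hardened function keeps the authorization decision next to the object lookup rather than relying on an earlier, model-level check (the advisory's trigger is precisely a model with no attached knowledge bases, where such an upstream check has nothing to bind to). The detector is deliberately threshold-based on distinct identifiers per user, since a single legitimate user rarely touches many knowledge bases in quick succession.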
Evidence notes
The CVE-2026-54016 details are sourced from the official CVE record and the National Vulnerability Database (NVD). The vulnerability is described as a BOLA issue in Open WebUI's search_knowledge_files tool, allowing unauthorized enumeration of knowledge base files. The CVSS score and severity level are based on the CVSS:3.1 vector provided: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.
Official resources
- CVE-2026-54016 CVE record (CVE.org)
- CVE-2026-54016 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Exploit, Vendor Advisory, Mitigation
This article is AI-assisted and based on the supplied source corpus.