{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-29071", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-03T20:51:43.482Z", "datePublished": "2026-03-26T23:54:38.117Z", "dateUpdated": "2026-03-27T20:06:33.347Z"}, "containers": {"cna": {"title": "Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories", "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "lang": "en", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/open-webui/open-webui/security/advisories/GHSA-w9f8-gxf9-rhvw", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-w9f8-gxf9-rhvw"}], "affected": [{"vendor": "open-webui", "product": "open-webui", "versions": [{"version": "< 0.8.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T23:54:38.117Z"}, "descriptions": [{"lang": "en", "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via `/api/v1/retrieval/query/collection`. Version 0.8.6 patches the issue."}], "source": {"advisory": "GHSA-w9f8-gxf9-rhvw", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T20:06:23.684368Z", "id": "CVE-2026-29071", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T20:06:33.347Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-29071", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-27T20:06:23.684368Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T20:06:28.818Z"}}], "cna": {"title": "Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories", "source": {"advisory": "GHSA-w9f8-gxf9-rhvw", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "open-webui", "product": "open-webui", "versions": [{"status": "affected", "version": "< 0.8.6"}]}], "references": [{"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-w9f8-gxf9-rhvw", "name": "https://github.com/open-webui/open-webui/security/advisories/GHSA-w9f8-gxf9-rhvw", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via `/api/v1/retrieval/query/collection`. Version 0.8.6 patches the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T23:54:38.117Z"}}}, "cveMetadata": {"cveId": "CVE-2026-29071", "state": "PUBLISHED", "dateUpdated": "2026-03-27T20:06:33.347Z", "dateReserved": "2026-03-03T20:51:43.482Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-26T23:54:38.117Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*", "matchCriteriaId": "98042D01-E16B-45CE-9BBC-E5A6E2AA2370", "versionEndExcluding": "0.8.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via `/api/v1/retrieval/query/collection`. Version 0.8.6 patches the issue."}, {"lang": "es", "value": "Open WebUI es una plataforma de inteligencia artificial autoalojada dise\u00f1ada para operar completamente sin conexi\u00f3n. Antes de la versi\u00f3n 0.8.6, cualquier usuario autenticado puede leer las memorias privadas de otros usuarios a trav\u00e9s de '/API/v1/retrieval/query/collection'. La versi\u00f3n 0.8.6 corrige el problema."}], "id": "CVE-2026-29071", "lastModified": "2026-04-01T16:09:53.443", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-27T00:16:22.983", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-w9f8-gxf9-rhvw"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.8.6)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "open-webui", "source": "cna", "vendor": "open-webui"}, "product": "open-webui", "vendor": "open-webui"}], "analysis": {"en": {"generated_at": "2026-04-02T03:33:01.891614+00:00", "value": {"mitigation_remediation": ["Upgrade Open WebUI to version 0.8.6 or later.", "If an upgrade is not immediately possible, restrict access to the /api/v1/retrieval/query/collection endpoint or enforce stricter role-based access controls to prevent unauthorized reads.", "Verify that the latest release has the IDOR fix applied and test access controls to ensure only the intended user can view private memories."], "summary": {"action": "Patch", "impact": "Unauthorized Data Access"}, "threat_synthesis": {"affected_systems": "The affected product is Open WebUI. All releases prior to version 0.8.6 are impacted. Users running those versions should upgrade to 0.8.6 or later to receive the fix.", "description_and_impact": "Open WebUI's API endpoint /api/v1/retrieval/query/collection can be used by any authenticated user to read the private memories of other users. This vulnerability is an insecure direct object reference (IDOR), allowing an attacker to access confidential data that should be isolated to the owner. The weakness is identified as CWE-639, an access control issue that permits read operations across user boundaries, potentially exposing sensitive personal information.", "risk_and_exploitability": "The CVSS score is 3.1, indicating low severity, and the EPSS score is below 1%, suggesting a low likelihood of exploitation in the wild. The vulnerability is not listed in CISA's KEV catalog. Attackers must first authenticate to the system, after which they can directly call the vulnerable API endpoint to retrieve another user's data. Because the flaw only grants read access and there are no known privilege escalation steps, the impact is limited to confidentiality leakage, not a broader system compromise."}}}}, "created": "2026-03-27T08:31:20.466688+00:00", "updated": "2026-04-02T07:56:01.608463+00:00", "vendors": ["open-webui", "open-webui$PRODUCT$open-webui"]}