NIXPKGS-2026-0805

GitHub issue published on

Permalink CVE-2026-28788

7.1 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): HIGH
Availability impact (A): LOW

updated 1 week, 5 days ago by @LeSuisse Activity log

Created automatic suggestion 1 week, 5 days ago
@LeSuisse accepted 1 week, 5 days ago
@LeSuisse published on GitHub 1 week, 5 days ago

Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the `POST /api/v1/retrieval/process/files/batch` endpoint. The endpoint performs no ownership check, so a regular user with read access to a shared knowledge base can obtain file UUIDs via `GET /api/v1/knowledge/{id}/files` and then overwrite those files, escalating from read to write. The overwritten content is served to the LLM via RAG, meaning the attacker controls what the model tells other users. Version 0.8.6 patches the issue.

References

https://github.com/open-webui/open-webui/security/advisories/GHSA-jjp7-g2jw-wh3j x_refsource_CONFIRM

Affected products

open-webui

==< 0.8.6

Matching in nixpkgs

pkgs.open-webui

Comprehensive suite for LLMs with a user-friendly WebUI

nixos-unstable 0.8.10
- nixpkgs-unstable 0.8.10
- nixos-unstable-small 0.8.10
nixos-25.11 0.8.10
- nixos-25.11-small 0.8.10
- nixpkgs-25.11-darwin 0.8.10

Package maintainers

@drupol Pol Dellaiera <pol.dellaiera@protonmail.com>
@shivaraj-bh Shivaraj B H <sbh69840@gmail.com>

Upstream advisory: https://github.com/open-webui/open-webui/security/advisories/GHSA-jjp7-g2jw-wh3j

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0805

References

Affected products

Matching in nixpkgs

pkgs.open-webui

Package maintainers