{"data":{"id":"0b59d05e-70b2-46e6-9c00-c6c066a70fda","title":"GHSA-26g9-27vm-x3q8: Open WebUI: shared-chat branch ignores access_type, allowing unauthorized file deletion","summary":"Any authenticated user can permanently delete files owned by other users in Open WebUI when those files are referenced in shared chats, because the authorization check (the code that verifies whether a user should be allowed to perform an action) ignores both the user's identity and the type of operation being requested. File IDs can be discovered by users with read access to knowledge bases (repositories of documents), making this vulnerability practical to exploit.","solution":"Gate the shared-chat branch on `access_type` so it only authorizes read operations: `if access_type == \"read\": chats = Chats.get_shared_chats_by_file_id(file_id, db=db) if chats: return True`. With this guard, a file's presence in a shared chat grants only read access; delete and write requests are no longer authorized by this branch and must satisfy the remaining checks instead.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-26g9-27vm-x3q8","publishedAt":"2026-05-14T20:28:34.000Z","cveId":"CVE-2026-45671","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["open-webui@<= 0.8.12 (fixed: 0.9.0)"],"affectedVendors":["OpenAI"],"affectedVendorsRaw":["Open WebUI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-14T20:28:34.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}