{"data":{"id":"11613dd4-9487-4828-bb68-4b0e0798b88a","title":"GHSA-r472-mw7m-967f: Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints","summary":"Open WebUI has a security flaw where authenticated users can access and modify other users' private files by exploiting two endpoints that don't properly check file ownership. In the first case, attackers can inject victim file IDs into their own folders to make the AI read private documents as context. In the second case, attackers can attach victim files to their own knowledge bases (collections of documents used for RAG, retrieval-augmented generation) to read and overwrite those files entirely.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-r472-mw7m-967f","publishedAt":"2026-05-14T20:27:35.000Z","cveId":"CVE-2026-45402","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":["open-webui@<= 0.9.4 (fixed: 0.9.5)"],"affectedVendors":["OpenAI"],"affectedVendorsRaw":["Open WebUI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-14T20:27:35.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"rag","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}