{"data":{"id":"5b8d7e03-844b-4ac2-981f-a24a48bec836","title":"GHSA-4g37-7p2c-38r9: Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base Access Controls","summary":"Open WebUI has a vulnerability where the `_validate_collection_access()` function (a security check) only blocks access to collections with specific name prefixes, but knowledge bases use raw UUIDs (unique identifiers) as collection names, so the check skips them entirely. Any logged-in user who knows a private knowledge base's UUID can read its contents or inject fake data into it through the retrieval API endpoints, even though the knowledge API itself correctly blocks that access.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-4g37-7p2c-38r9","publishedAt":"2026-05-14T20:26:42.000Z","cveId":"CVE-2026-45398","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["rag_poisoning"],"issueType":"vulnerability","affectedPackages":["open-webui@<= 0.9.4 (fixed: 0.9.5)"],"affectedVendors":[],"affectedVendorsRaw":["Open WebUI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-14T20:26:42.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"rag","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}