AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

GHSA-w9f8-gxf9-rhvw: Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories

lowvulnerability

security

Source: GitHub Advisory DatabaseMarch 27, 2026CVE-2026-29071

Summary

Open WebUI has an insecure direct object reference (IDOR, a flaw where an app doesn't properly check if a user should access specific data) in its retrieval API that lets any authenticated user read other users' private memories and uploaded files by guessing collection names like 'user-memory-{USER_UUID}' or 'file-{FILE_UUID}'. The vulnerability exists because the API checks that a user is logged in, but doesn't verify they own the data they're requesting.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Patch Available

Yes

Disclosure Date

March 27, 2026

Classification

Attack Type

Data Extraction

Attack SophisticationTrivial

Impact (CIA+S)

confidentialityintegrity

Affected Vendors

Affected Packages

open-webui@<= 0.8.5 (fixed: 0.8.6)

Related Issues

critical

CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive

Similar attackNVD/CVE Database

high

CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint

First tracked: March 27, 2026 at 02:00 PM

Classified by LLM (prompt v3) · confidence: 95%