AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

GHSA-vvxm-vxmr-624h: Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

mediumvulnerability

security

Source: GitHub Advisory DatabaseMarch 27, 2026CVE-2026-28786

Summary

Open WebUI's speech-to-text endpoint has a path traversal vulnerability where an authenticated user can craft a malicious filename to trigger an error that leaks the server's absolute file path. The vulnerability exists because the code doesn't sanitize the filename before using it in a file operation, unlike similar upload handlers elsewhere in the codebase.

Solution / Mitigation

The source recommends two fixes: (1) sanitize the file extension using `Path(file.filename).name` and `Path(safe_name).suffix.lstrip(".")` instead of the current `split(".")[-1]` approach, and (2) suppress the internal path from error responses by catching exceptions and returning a generic error message ("Transcription failed") instead of returning the full exception details.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Patch Available

Yes

Disclosure Date

March 27, 2026

Classification

Attack Type

PII Leakage

Attack SophisticationTrivial

Impact (CIA+S)

confidentiality

AI Component TargetedAPI

Affected Vendors

Affected Packages

open-webui@< 0.8.6 (fixed: 0.8.6)

Related Issues

medium

CVE-2026-2589: The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure

Similar attackNVD/CVE Database

high

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

First tracked: March 27, 2026 at 02:00 PM

Classified by LLM (prompt v3) · confidence: 95%