CVE-2026-45402: Open WebUI File ID Authorization Bypass

Overview

CVE-2026-45402 is a high-severity authorization bypass vulnerability affecting Open WebUI, a self-hosted AI platform designed for offline operation. The flaw was assigned a CVSS score of 8.1 and was disclosed on May 15, 2026 via the National Vulnerability Database.

The vulnerability exists in multiple API endpoints that accept a caller-supplied file_id parameter without verifying that the requesting user has ownership or access rights to the referenced file.

Technical Details

When a user submits a request that includes a file_id value, the affected endpoints attach the referenced file to a resource the caller controls — such as a folder or a knowledge base — without first checking that the file belongs to them.

This creates an Insecure Direct Object Reference (IDOR) condition. An authenticated but unprivileged user can:

Enumerate or guess valid file_id values belonging to other users
Submit requests to vulnerable endpoints with those IDs
Attach other users' files to their own folders or knowledge-base entries
Gain read access to content they were not intended to see

The flaw affects the folder knowledge and knowledge-base contents management endpoints at minimum. The root cause is a missing ownership check — the application trusts caller-supplied IDs rather than verifying server-side authorization before performing the attachment operation.

Affected Versions

Product	Affected	Fixed
Open WebUI	All versions prior to 0.9.5	0.9.5

Impact

Confidentiality: Authenticated users can access files uploaded by other users on the same instance
Integrity: Unauthorized files can be silently attached to user-controlled resources
Scope: Any shared or multi-user Open WebUI deployment is at risk

Self-hosted instances with a single operator are less exposed, but any organization running Open WebUI for teams is directly affected.

Remediation

Upgrade to Open WebUI 0.9.5 or later immediately. The fix introduces server-side ownership verification on all endpoints that accept file_id parameters, ensuring that the requesting user is the legitimate owner before performing any attachment operations.

If an immediate upgrade is not possible:

Restrict access to the Open WebUI instance to trusted users only
Monitor API logs for unexpected file_id values in attachment requests
Review existing knowledge-base and folder memberships for unauthorized files

References

Overview

The vulnerability exists in multiple API endpoints that accept a caller-supplied file_id parameter without verifying that the requesting user has ownership or access rights to the referenced file.

Technical Details

This creates an Insecure Direct Object Reference (IDOR) condition. An authenticated but unprivileged user can:

Enumerate or guess valid file_id values belonging to other users

Submit requests to vulnerable endpoints with those IDs

Attach other users' files to their own folders or knowledge-base entries

Gain read access to content they were not intended to see

Product

Affected

Fixed

Open WebUI

All versions prior to 0.9.5

0.9.5

Impact

Confidentiality: Authenticated users can access files uploaded by other users on the same instance

Integrity: Unauthorized files can be silently attached to user-controlled resources

Scope: Any shared or multi-user Open WebUI deployment is at risk

Self-hosted instances with a single operator are less exposed, but any organization running Open WebUI for teams is directly affected.

Remediation

If an immediate upgrade is not possible:

Restrict access to the Open WebUI instance to trusted users only

Monitor API logs for unexpected file_id values in attachment requests

Review existing knowledge-base and folder memberships for unauthorized files

CVE-2026-45402: Open WebUI File ID Authorization Bypass

Affected Products

Overview

Technical Details

Affected Versions

Impact

Remediation

References

CVE-2026-3445: ProfilePress WordPress Plugin Allows Unauthorized Membership Payment Bypass

CVE-2026-32975: OpenClaw Zalouser Weak Authorization via Mutable Group Display Names

CVE-2026-22172: OpenClaw Critical Authorization Bypass via WebSocket Scope Elevation

CVE-2026-45402: Open WebUI File ID Authorization Bypass

Affected Products

Overview

Technical Details

Affected Versions

Impact

Remediation

References

CVE-2026-3445: ProfilePress WordPress Plugin Allows Unauthorized Membership Payment Bypass

CVE-2026-32975: OpenClaw Zalouser Weak Authorization via Mutable Group Display Names

CVE-2026-22172: OpenClaw Critical Authorization Bypass via WebSocket Scope Elevation