{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-29071", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-03T20:51:43.482Z", "datePublished": "2026-03-26T23:54:38.117Z", "dateUpdated": "2026-03-27T20:06:33.347Z"}, "containers": {"cna": {"title": "Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories", "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "lang": "en", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/open-webui/open-webui/security/advisories/GHSA-w9f8-gxf9-rhvw", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-w9f8-gxf9-rhvw"}], "affected": [{"vendor": "open-webui", "product": "open-webui", "versions": [{"version": "< 0.8.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T23:54:38.117Z"}, "descriptions": [{"lang": "en", "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via `/api/v1/retrieval/query/collection`. Version 0.8.6 patches the issue."}], "source": {"advisory": "GHSA-w9f8-gxf9-rhvw", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T20:06:23.684368Z", "id": "CVE-2026-29071", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T20:06:33.347Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-29071", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-27T20:06:23.684368Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T20:06:28.818Z"}}], "cna": {"title": "Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories", "source": {"advisory": "GHSA-w9f8-gxf9-rhvw", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "open-webui", "product": "open-webui", "versions": [{"status": "affected", "version": "< 0.8.6"}]}], "references": [{"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-w9f8-gxf9-rhvw", "name": "https://github.com/open-webui/open-webui/security/advisories/GHSA-w9f8-gxf9-rhvw", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via `/api/v1/retrieval/query/collection`. Version 0.8.6 patches the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T23:54:38.117Z"}}}, "cveMetadata": {"cveId": "CVE-2026-29071", "state": "PUBLISHED", "dateUpdated": "2026-03-27T20:06:33.347Z", "dateReserved": "2026-03-03T20:51:43.482Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-26T23:54:38.117Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via `/api/v1/retrieval/query/collection`. Version 0.8.6 patches the issue."}], "id": "CVE-2026-29071", "lastModified": "2026-03-27T00:16:22.983", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-03-27T00:16:22.983", "references": [{"source": "[email protected]", "url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-w9f8-gxf9-rhvw"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "[email protected]", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.8.6)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "open-webui", "source": "cna", "vendor": "open-webui"}, "product": "open-webui", "vendor": "open-webui"}], "analysis": {"en": {"generated_at": "2026-03-27T06:26:47.341551+00:00", "value": {"mitigation_remediation": ["Upgrade to Open WebUI v0.8.6 or later."], "summary": {"action": "Apply patch", "impact": "Unauthorized read of private memory"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Open WebUI product from the open-webui vendor. All releases prior to version 0.8.6 are impacted. The issue was fixed in version 0.8.6, which removes the IDOR path. Users running earlier versions should upgrade immediately.", "description_and_impact": "Open WebUI permits any authenticated user to read other users' private memories through the /api/v1/retrieval/query/collection endpoint. This flaw represents an insecure direct object reference that can expose sensitive user data. The weakness falls under CWE-639. Because the endpoint does not enforce proper ownership checks, an attacker can retrieve confidential memory contents belonging to other users, potentially leading to privacy violations.", "risk_and_exploitability": "The CVSS base score is 3.1, indicating a low severity. EPSS is not available, and it is not included in the CISA KEV catalog. The flaw requires an authenticated user to exploit, so it is not a remote code execution bug but still permits unauthorized data access. Attackers who have legitimate credentials but malicious intent can exploit the endpoint to harvest private memories, making the vulnerability useful in insider threat scenarios. Since it does not affect system integrity or availability, the risk is primarily confidentiality."}}}}, "created": "2026-03-27T08:31:20.466688+00:00", "updated": "2026-03-27T09:22:42.548349+00:00", "vendors": ["open-webui", "open-webui$PRODUCT$open-webui"]}