CVE-2026-29070
Published: 27 March 2026
Summary
CVE-2026-29070 is a medium-severity Missing Authorization (CWE-862) vulnerability in Openwebui Open Webui. Its CVSS base score is 5.4 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data Destruction (T1485); ranked at the 13.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires enforcement of access control policies that verify both knowledge base write permissions and file ownership before allowing deletions, addressing the core missing authorization check.
Mandates timely identification, reporting, and correction of software flaws like the missing file ownership verification, such as upgrading Open WebUI to version 0.8.6.
Requires generation of audit records for file deletion events including user, knowledge base, and file ID, enabling detection of unauthorized cross-knowledge-base deletions.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Missing authorization on delete operation directly enables unauthorized deletion of arbitrary knowledge base files, mapping to data destruction and stored data manipulation.
NVD Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an access control check is missing when deleting a file from a knowledge base. The only check being done is that the user…
more
has write access to the knowledge base (or is admin), but NOT that the file actually belongs to this knowledge base. It is thus possible to delete arbitrary files from arbitrary knowledge bases (as long as one knows the file id). Version 0.8.6 patches the issue.
Deeper analysisAI
CVE-2026-29070 affects Open WebUI, a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, the platform lacks a proper access control check when deleting a file from a knowledge base. Specifically, it only verifies that the user has write access to the target knowledge base or possesses admin privileges, but fails to confirm that the file belongs to that knowledge base. This vulnerability, classified under CWE-862 (Missing Authorization), carries a CVSS v3.1 base score of 5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).
An authenticated attacker with low-privilege write access to any knowledge base—or an admin—can exploit this issue over the network with low complexity and no user interaction required. By knowing or guessing a target file ID, the attacker can delete arbitrary files from any knowledge base, potentially disrupting data integrity and availability across the platform without impacting confidentiality.
The official GitHub security advisory (GHSA-26gm-93rw-cchf) confirms that Open WebUI version 0.8.6 addresses the vulnerability by implementing the missing file ownership check during deletion operations. Security practitioners should upgrade to at least version 0.8.6 and review access controls on knowledge bases to mitigate risks.
As a self-hosted AI platform, this issue is particularly relevant for organizations using Open WebUI for offline AI workflows involving knowledge bases, such as retrieval-augmented generation, where unauthorized file deletions could compromise model training data or operational resources. No public evidence of real-world exploitation has been reported as of the CVE publication on 2026-03-27.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: artificial intelligence