CVE-2026-28786

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a `FileNotFoundError` whose message — including the server's absolute `DATA_DIR` path — is returned verbatim in the HTTP 400 response body, confirming information disclosure on all default deployments. Version 0.8.6 patches the issue.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/open-webui/open-webui/security/advisories/GHSA-vvxm-vxmr-624h	Exploit Vendor Advisory
https://github.com/open-webui/open-webui/security/advisories/GHSA-vvxm-vxmr-624h	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*

History

30 Mar 2026, 17:25

Type	Values Removed	Values Added
First Time		Openwebui open Webui Openwebui
CPE		cpe:2.3:a:openwebui:open_webui::::::::
References	~~() https://github.com/open-webui/open-webui/security/advisories/GHSA-vvxm-vxmr-624h -~~	() https://github.com/open-webui/open-webui/security/advisories/GHSA-vvxm-vxmr-624h - Exploit, Vendor Advisory

Information

Published : 2026-03-27 00:16

Updated : 2026-03-30 17:25

NVD link : CVE-2026-28786

Mitre link : CVE-2026-28786

CVE.ORG link : CVE-2026-28786

JSON object : View

Products Affected

openwebui

open_webui

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-209

Generation of Error Message Containing Sensitive Information

{"id": "CVE-2026-28786", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2026-03-27T00:16:22.503", "references": [{"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-vvxm-vxmr-624h", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-vvxm-vxmr-624h", "tags": ["Exploit", "Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a `FileNotFoundError` whose message \u2014 including the server's absolute `DATA_DIR` path \u2014 is returned verbatim in the HTTP 400 response body, confirming information disclosure on all default deployments. Version 0.8.6 patches the issue."}, {"lang": "es", "value": "Open WebUI es una plataforma de inteligencia artificial autoalojada dise\u00f1ada para operar totalmente fuera de l\u00ednea. Antes de la versi\u00f3n 0.8.6, un campo de nombre de archivo no saneado en el endpoint de transcripci\u00f3n de voz a texto permite a cualquier usuario autenticado no administrador activar un 'FileNotFoundError' cuyo mensaje \u2014 incluyendo la ruta absoluta 'DATA_DIR' del servidor \u2014 se devuelve textualmente en el cuerpo de la respuesta HTTP 400, confirmando la revelaci\u00f3n de informaci\u00f3n en todas las implementaciones predeterminadas. La versi\u00f3n 0.8.6 corrige el problema."}], "lastModified": "2026-03-30T17:25:24.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98042D01-E16B-45CE-9BBC-E5A6E2AA2370", "versionEndExcluding": "0.8.6"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}