CVE-2026-29071

LOW NVD

CVSS Score 3.1

Severity LOW

Published Mar 27, 2026

Vendor unknown

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via `/api/v1/retrieval/query/collection`. Version 0.8.6 patches the issue.

References

https://github.com/open-webui/open-webui/security/advisories/GHSA-w9f8-gxf9-rhvw