{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28786", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-03T14:25:19.244Z", "datePublished": "2026-03-26T23:37:25.673Z", "dateUpdated": "2026-03-27T13:53:30.683Z"}, "containers": {"cna": {"title": "Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-209", "lang": "en", "description": "CWE-209: Generation of Error Message Containing Sensitive Information", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/open-webui/open-webui/security/advisories/GHSA-vvxm-vxmr-624h", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-vvxm-vxmr-624h"}], "affected": [{"vendor": "open-webui", "product": "open-webui", "versions": [{"version": "< 0.8.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T23:37:25.673Z"}, "descriptions": [{"lang": "en", "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a `FileNotFoundError` whose message \u2014 including the server's absolute `DATA_DIR` path \u2014 is returned verbatim in the HTTP 400 response body, confirming information disclosure on all default deployments. Version 0.8.6 patches the issue."}], "source": {"advisory": "GHSA-vvxm-vxmr-624h", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-vvxm-vxmr-624h", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T13:27:12.139750Z", "id": "CVE-2026-28786", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T13:53:30.683Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28786", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-27T13:27:12.139750Z"}}}], "references": [{"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-vvxm-vxmr-624h", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T13:27:06.627Z"}}], "cna": {"title": "Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`", "source": {"advisory": "GHSA-vvxm-vxmr-624h", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "open-webui", "product": "open-webui", "versions": [{"status": "affected", "version": "< 0.8.6"}]}], "references": [{"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-vvxm-vxmr-624h", "name": "https://github.com/open-webui/open-webui/security/advisories/GHSA-vvxm-vxmr-624h", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a `FileNotFoundError` whose message \u2014 including the server's absolute `DATA_DIR` path \u2014 is returned verbatim in the HTTP 400 response body, confirming information disclosure on all default deployments. Version 0.8.6 patches the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-209", "description": "CWE-209: Generation of Error Message Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T23:37:25.673Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28786", "state": "PUBLISHED", "dateUpdated": "2026-03-27T13:53:30.683Z", "dateReserved": "2026-03-03T14:25:19.244Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-26T23:37:25.673Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a `FileNotFoundError` whose message \u2014 including the server's absolute `DATA_DIR` path \u2014 is returned verbatim in the HTTP 400 response body, confirming information disclosure on all default deployments. Version 0.8.6 patches the issue."}, {"lang": "es", "value": "Open WebUI es una plataforma de inteligencia artificial autoalojada dise\u00f1ada para operar totalmente fuera de l\u00ednea. Antes de la versi\u00f3n 0.8.6, un campo de nombre de archivo no saneado en el endpoint de transcripci\u00f3n de voz a texto permite a cualquier usuario autenticado no administrador activar un 'FileNotFoundError' cuyo mensaje \u2014 incluyendo la ruta absoluta 'DATA_DIR' del servidor \u2014 se devuelve textualmente en el cuerpo de la respuesta HTTP 400, confirmando la revelaci\u00f3n de informaci\u00f3n en todas las implementaciones predeterminadas. La versi\u00f3n 0.8.6 corrige el problema."}], "id": "CVE-2026-28786", "lastModified": "2026-03-27T15:16:51.927", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-27T00:16:22.503", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-vvxm-vxmr-624h"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-vvxm-vxmr-624h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-209"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.8.6)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "open-webui", "source": "cna", "vendor": "open-webui"}, "product": "open-webui", "vendor": "open-webui"}], "analysis": {"en": {"generated_at": "2026-03-27T06:52:24.936071+00:00", "value": {"mitigation_remediation": ["Upgrade Open WebUI to version 0.8.6 or newer.", "Restrict the transcription endpoint to administrative users only.", "Verify that error messages no longer reveal absolute paths.", "Monitor logs for FileNotFoundError responses that expose server paths."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Open WebUI installations running any version earlier than 0.8.6 are vulnerable to this defect. The issue was resolved in version 0.8.6; all releases equal to or newer than that are considered safe.", "description_and_impact": "An unsanitized filename field in the speech\u2011to\u2011text transcription endpoint causes a FileNotFoundError to be thrown. The error message contains the server\u2019s absolute DATA_DIR path, which is returned verbatim in the 400 response. This flaw stems from improper input validation and error handling and aligns with CWE\u2011209 (Information Exposure Through Error Message) and CWE\u201122 (Path Traversal).", "risk_and_exploitability": "The CVSS score of 4.3 reflects moderate severity, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires authentication as a non\u2011admin user and allows an attacker to gain the absolute file path of the server, potentially aiding further reconnaissance or targeted attacks. Because the EPSS score is unavailable, the likelihood of exploitation is uncertain, yet the disclosure can be valuable for adversaries."}}}}, "created": "2026-03-27T08:31:23.144129+00:00", "updated": "2026-03-27T09:22:45.334647+00:00", "vendors": ["open-webui", "open-webui$PRODUCT$open-webui"]}